Port 3879

(TCP) An exploit for the gdm XDMCP vulnerability will bind a root shell to this port.

XDMCP gdm exploit