In early year 2001, many exploit scripts for DNS TSIG name overflow would place a root shell
on this port.
In mid-2001, a worm was created that enters the system
via this port (left behind by some other attacker), then starts scanning
other machines from this port.
