Port 3388: Unassigned — Living Next Door to RDP

What This Port Is

Port 3388 has no official assignment from IANA. No protocol owns it. No RFC defines it. In the port registry, it is simply blank.

It sits in the registered port range (1024–49151) — the middle tier of the port numbering system. Registered ports are meant to be claimed by applications and services that have gone through IANA's assignment process. Port 3388 never did.

That would make it unremarkable, except for its address.

The Neighbor Problem

Port 3389 is Microsoft's Remote Desktop Protocol. It is among the most scanned ports on the Internet, targeted constantly by automated bots probing for exposed Windows machines. The volume of attack traffic hitting 3389 is large enough to be measurable in global threat feeds.

Administrators aware of this sometimes move their RDP service to a different port — 3388, 3390, 3391, or elsewhere nearby. The logic: bots scanning specifically for 3389 will miss them.

This is security through obscurity. It reduces noise, not risk. Attackers who want access to RDP don't stop at 3389 — they scan ranges. Port 3388 gets swept up in that reconnaissance regularly. The SANS Internet Storm Center tracks scan activity on this port; it sees traffic because it's part of the neighborhood, not because anyone is looking for it specifically.¹

What You Might Find Here

Port 3388 has no official use, but in practice:

• Redirected RDP traffic — Windows administrators who've changed the default RDP port sometimes land here
• Malware and backdoors — Some remote access trojans use non-standard ports in this range to avoid detection
• Port scan residue — Traffic that arrives here is often just spillover from automated scans targeting 3389

If you see port 3388 open on a system you manage and you didn't put anything there, that's worth investigating.

How to Check What's Listening

On Windows:

netstat -ano | findstr :3388

This shows the process ID (PID) of whatever is listening. Cross-reference that PID in Task Manager to identify the application.

On Linux/macOS:

ss -tlnp | grep 3388

Or:

lsof -i :3388

If something is listening on this port and you can't identify it immediately, treat it as suspicious until you can.

Why Unassigned Ports Matter

The port numbering system works because of shared conventions. When port 443 is open, you know what to expect. When an unassigned port is open, you don't — and that ambiguity is exactly what both attackers and defenders exploit.

Unassigned ports are useful precisely because they're unpredictable. But unpredictability cuts both ways: they're also where unexpected things appear. A port that should be empty rarely stays that way forever.