Port 3515: MUST Backplane — A Registered Name, an Empty Room

What Port 3515 Is

Port 3515 sits in the registered port range (1024–49151). These ports are not claimed by the operating system the way well-known ports (0–1023) are, but they are tracked by IANA — the Internet Assigned Numbers Authority — so services can stake a claim and avoid collisions.

IANA records show port 3515 as registered to something called "MUST Backplane" in May 2002. ¹ What MUST Backplane was, who built it, and whether it ever shipped — none of that is publicly documented. The registration exists. The service, apparently, does not.

This happens. Organizations register ports for products that never launch, or launch quietly and disappear. The IANA registry is not a graveyard, but it has its share of headstones.

What Actually Uses This Port

Legitimate services: none known.

Malicious services: a few.

Backdoor.Win32.Mazben.me, a Windows backdoor, was documented listening on port 3515 as an unauthenticated open proxy. A machine infected with it would silently relay connections for anyone who found the open port — turning your computer into infrastructure for someone else's attacks. ²

W32.Spybot variants have also been associated with this port. ²

This is the predictable fate of an unoccupied registered port: malware moves in. There is no legitimate traffic to blend with, no firewall rule likely to be watching, and no user expecting activity. It is the network equivalent of squatting in an abandoned building.

How to Check What's Listening

If you want to see whether anything is using port 3515 on your system:

macOS / Linux:

lsof -i :3515

Windows:

netstat -ano | findstr :3515

If something is listening and you didn't put it there, that warrants investigation. Port 3515 has no business running a legitimate service on a standard machine.

Why This Matters

The registered port range contains thousands of ports like 3515 — technically claimed, practically empty. They serve as a reminder that the port numbering system is a coordination mechanism, not an enforcement mechanism. Anyone can listen on any port. Registration just asks others to stay away.

For defenders, empty registered ports are worth watching. They're attractive to malware precisely because they're quiet. A port that should never have traffic is a good place to notice when traffic appears.