Port 1953: Rapid Base — An Official Name, an Obscure Purpose, and One Notable Vulnerability

What Port 1953 Is

Port 1953 sits in the registered ports range (1024-49151), sometimes called user ports. IANA officially assigns these ports to services that have applied for a registration. The assignment doesn't mean the service is widely deployed — it just means someone staked a claim.

For port 1953, that claim belongs to Rapid Base (service name: rapidbase), registered for both TCP and UDP. Documentation about what Rapid Base actually does, who built it, or whether it's still in use is nearly impossible to find. The IANA registry records the name. The Internet doesn't seem to have heard of it.¹

What Port 1953 Is Actually Known For

In 2016, security researchers discovered that Hughes high-performance broadband satellite modems — models including the HN7740S, DW7000, and HN7000S — exposed a telnet service on port 1953 with no authentication required.

Any remote attacker who could reach the modem could connect and issue administrative commands: reboot the device, change configuration, disrupt service. No username. No password. Just access.²

This was assigned CVE-2016-9497.³ The vulnerability is a clean example of a broader pattern: a port left open by default, a service that assumed the network was safe, and the discovery that it wasn't.

Hughes satellite modems serve remote locations — ships, rural areas, places where satellite is the only option. The people relying on this equipment often had no idea their modem was listening for strangers on port 1953.

Checking What's on This Port

If you see traffic on port 1953, or want to know whether something is listening on your own system:

# On Linux/macOS - show what's listening on port 1953
ss -tlnp | grep 1953
# or
lsof -i :1953

# On Windows
netstat -ano | findstr :1953

For network scanning (with permission):

nmap -sV -p 1953 <target>

The SANS Internet Storm Center tracks scanning activity on this port. At various times, it has recorded automated probes — likely scanners looking for vulnerable Hughes modems or other services.⁴

Why Unassigned-in-Practice Ports Matter

The registered ports range contains over 48,000 possible port numbers. IANA has assigned many of them, but a significant number are registered to services that have quietly disappeared, or registered to names so obscure that no one outside the registrant uses them.

These ports don't sit empty. They get picked up by applications that need a port and assume no one else is there. They get probed by scanners. They occasionally end up hosting something the original registrant never intended.

Port 1953 is a small illustration of this: officially Rapid Base's, practically associated with a modem vulnerability, and currently producing scan traffic from sources looking for one or the other.