Port 535: IIOP — The bridge between distributed objects

Port 535 carries IIOP, the Internet Inter-ORB Protocol that allowed CORBA objects written in different languages to communicate across networks. It was middleware's answer to distributed computing in the 1990s—before REST, before microservices, before the web rewrote the rules.

What IIOP Does

IIOP (Internet Inter-ORB Protocol) is the transport protocol for CORBA—the Common Object Request Broker Architecture.¹ CORBA was designed to solve a specific problem: how do you make objects in one program talk to objects in another program, possibly written in a different language, running on a different operating system, on a different machine somewhere on the Internet?

The answer was the ORB—the Object Request Broker. Think of it as a universal translator and message router for distributed objects.

You never call a CORBA object directly. You make a request through a stub to your local ORB, which uses IIOP to forward it to an ORB on another machine, which uses skeleton code to invoke the actual method.² The object reference is a forwarding address, not a direct line.

IIOP is what happens when GIOP (General Inter-ORB Protocol) runs over TCP/IP.³ It handles the encoding, transmission, and decoding of method calls and their parameters across the network.

How It Works

Here's what happens when you invoke a method on a remote CORBA object:

On the client side:

• You call a method on what looks like a local object
• The stub (a stand-in wired into the ORB) intercepts the call
• The ORB marshals the method name and parameters into a standard format (CDR—Common Data Representation)
• IIOP carries this encoded message over TCP/IP to the server

On the server side:

• The server's ORB receives the IIOP message
• Skeleton code unmarshals the data back into the server's native format
• The actual method is invoked on the actual object
• Results (or errors) are marshaled and sent back the same way⁴

All of this happens transparently. From the programmer's perspective, you're just calling a method. The ORB handles registration, location, activation, marshaling, error handling, and routing.⁵

The History

CORBA was created by the Object Management Group (OMG), founded in April 1989 by eleven companies including Sun Microsystems, Hewlett-Packard, and American Airlines.⁶ CORBA 1.0 was released in October 1991, defining the Interface Definition Language (IDL) and the core APIs for distributed object communication.⁷

IIOP came later, as CORBA evolved to work over the Internet. Port 535 was assigned to IIOP by IANA for both TCP and UDP.⁸

The promise was seductive: write your objects in any language, deploy them anywhere, and they'll all talk to each other seamlessly. A stock trading system in C++ could invoke methods on a banking backend in COBOL, which could interact with a web frontend in Java, all through the same protocol.

What Happened

CORBA was real. Major enterprises built systems on it. Airlines, banks, telecommunications companies—industries that needed heterogeneous systems to communicate—adopted CORBA because there was no other game in town.

But the web changed everything. HTTP and REST offered a simpler model: resources, not objects. JSON over HTTP was easier to debug than marshaled IIOP messages. Firewalls liked port 80 and port 443; they were suspicious of port 535.

CORBA didn't fail technically. It failed culturally. It was complex when the web taught everyone to value simplicity. It was heavyweight when developers wanted lightweight. It required IDL compilers and stub generation when JavaScript proved you could just send a fetch request.

Security Considerations

IIOP on port 535 should be carefully managed:

• Firewall restrictions: Port 535 is not typically allowed through corporate firewalls. CORBA traffic was often tunneled through HTTP or SSH instead.
• Authentication: CORBA supports security services, but implementations vary. Don't assume IIOP traffic is authenticated or encrypted by default.
• Legacy systems: If you find port 535 open on your network, you're likely looking at a legacy CORBA deployment. Document it, understand it, and plan for its eventual migration.

Checking What's Listening

To see if anything is listening on port 535:

On Linux/Mac:

sudo lsof -i :535
sudo netstat -tlnp | grep :535

On Windows:

netstat -ano | findstr :535

If something is listening, it's almost certainly a CORBA ORB or a Java application using RMI-IIOP.

Related Ports

• Port 900: Used by some CORBA ORB implementations as an alternative
• Port 2809: IBM WebSphere's default ORB listener port
• Port 3700: Another common port for CORBA naming services

Why Port 535 Matters

Port 535 represents a specific moment in the evolution of distributed computing—the brief window when objects, not services, were the organizing principle of networked systems.

CORBA promised a world where objects in Java could talk to objects in C++ which could talk to objects in COBOL, all seamlessly across the Internet. Port 535 was supposed to be part of that future.

That future never quite arrived the way its architects imagined. But the systems built on it are still running. Somewhere, right now, an airline reservation system is making an IIOP call through port 535, carrying on a conversation that started in 1991.