1. Ports
  2. Port 10017

Port 10017 — A Deprecated Remote Execution Daemon

What This Port Carries

Port 10017 is a registered port — it sits in the 1024-49151 range, the middle ground between privileged system ports (0-1023) and the wild west of dynamic/ephemeral ports (49152-65535). Registered ports are IANA-assigned to specific services, meaning someone formally requested this slot and got it.

In port 10017's case, that someone was the designers of rexd, the remote execution daemon.1 This was a Unix-world tool that lived on AIX, NeXT, and HP-UX systems. Its job was simple: listen for incoming RPC (Remote Procedure Call) requests, authenticate users, and execute arbitrary commands on their behalf.2

The Obsolescence

Port 10017 doesn't have an official IANA entry anymore because rexd is dead. Not metaphorically—the service has been removed from modern operating systems entirely. It represents a security model from an era when network security meant "don't let evil people on your LAN," and trusting authenticated users with command execution seemed reasonable.

Then SSH arrived. SSH did everything rexd did, but with public-key cryptography, proper encryption, and the assumption that networks are hostile by default. rexd became the security equivalent of a Model T—historically important, but nobody's driving it anymore.

If You Find It Listening

To check if anything is listening on port 10017:

# On macOS or Linux
sudo lsof -i :10017
netstat -an | grep 10017

# On Windows (PowerShell)
netstat -ano | findstr :10017

If you see something there, it's almost certainly not rexd (that would be remarkable). It's more likely to be:

  • Legacy Unix systems still running deprecated daemons
  • Custom applications that happened to pick this port
  • Security scanning noise

Why This Port Matters

Port 10017 is instructive precisely because it's forgotten. It's a fossil record of how we used to do remote access, preserved in the port registry like an insect in amber. Every port tells a story about what someone needed to solve. This one says: "We needed remote execution, we had nothing better, and we trusted our networks."

The next person who designed remote access (the SSH creators) said: "We know what went wrong."

Related Ports

  • Port 512-514: rsh/rlogin/rcp — Other "r" commands (rsh, rlogin, rcp). All deprecated for the same reasons as rexd.
  • Port 22: SSH — What killed rexd and everything like it.
  • Port 111: portmap/rpcbind — The service locator that rexd relied on to announce itself.

Frequently Asked Questions

Previous

Port 10015: Spark Thrift Server — The Hidden Doorway Into Big Data

Next

Port 10018 — The Waiting Room

Was this page helpful?

😔
🤨
😃
Port 10017 — A Deprecated Remote Execution Daemon • Connected