What This Port Is
Port 1028 is a registered port (TCP/UDP, 1024-49151 range). It was formally assigned to Solid Mux Server, a multiplexing service from the 1990s that never gained traction in actual use. 1
This is the port's official identity. Almost nobody uses it.
What Actually Listens Here
In practice, port 1028 appears on systems for three main reasons:
Windows RPC Services — Windows systems sometimes bind Remote Procedure Call (RPC) services to random ports above 1024. Port 1028 is one of the numbers these services pick, especially on older Windows NT/2000 systems. The port changes from boot to boot. 2
Windows Messenger Spam — Before Windows Messenger was phased out, it used UDP port 1028. Firewall logs from the 2000s show waves of packets targeting this port, often associated with spam and unwanted traffic. 3
Malware — The port has been linked to trojan families, most notably DataSpy Network X, which provided remote access, keylogging, and port scanning capabilities. Finding port 1028 open on your system is a red flag worth investigating. 4
Why This Matters
Port 1028 exists in the gap between official IANA assignments and what networks actually do. The registered service is a ghost. The port itself is real and frequently suspicious.
This is why security tools flag it. Not because Solid Mux Server is dangerous, but because the port became a convenient address for things that are.
Checking Your System
To see if something is listening on port 1028:
macOS/Linux:
Windows:
Then cross-reference the process ID with Task Manager or Process Explorer to see what's actually using it.
If you find a Windows service you don't recognize, it's worth investigating before assuming it's benign.
Port Range Context
Port 1028 is in the registered port range (1024-49151). These ports require formal assignment through IANA. The range was created to prevent conflicts between system services (0-1023) and user applications. Port 1028 was assigned. It just lost the race with history.
Was this page helpful?