Port 284 sits in the well-known ports range (0-1023), officially assigned to a service called "corerjd." But if you go looking for what corerjd actually does, you'll find nothing. No documentation. No active software. No RFC explaining the protocol. Just a name in a database and the faint digital fingerprints of malware that once exploited this abandoned address.
What Port 284 Was Supposed to Be
According to IANA's official registry, port 284 is assigned to "corerjd" for both TCP and UDP.1 That's all we know. The service name appears in port databases across the Internet, dutifully copied from the official registry, but the trail ends there.
No one can explain what "corerjd" stands for. No company claims it. No RFC documents it. The service either died before it could leave a mark on the Internet's memory, or it was never meant to be public in the first place.
The Well-Known Ports Range
Port 284 belongs to the System Ports range (0-1023), reserved for services assigned by IANA through formal review processes.2 These are the Internet's prime real estate—ports that require IETF Review or IESG Approval to claim.
Someone went through that process for corerjd. They submitted an application. They got approval. They secured port 284 for both TCP and UDP. And then the service vanished.
What Actually Uses Port 284
In practice, port 284 has been flagged as a vector for malware communication.3 When security tools see traffic on port 284, they raise warnings—not because the port itself is dangerous, but because abandoned ports make convenient hiding places for hostile software.
Malware loves ghost ports. A service that no one monitors, on a port that legitimate software doesn't use, becomes an invisible channel. The irony is perfect: a port assigned through official channels, now serving as a backdoor specifically because it was officially assigned and then forgotten.
How to Check What's Listening
If you want to see what's actually using port 284 on your system:
On Linux or macOS:
On Windows:
If you see something listening on port 284, investigate it. Legitimate software rarely uses this port. More likely, you've found either a misconfigured service or something that shouldn't be there at all.
Why Ghost Ports Matter
Port 284 represents a strange class of Internet infrastructure: officially assigned addresses that exist in registries but not in practice. These ghost ports matter because:
They create security blind spots. Network administrators don't monitor ports they think are unused. Malware exploits that assumption.
They preserve Internet history. Every assigned port represents a moment when someone thought they were building something important enough to claim a well-known port number. Most of those projects succeeded. Some, like corerjd, left only their name.
They show the cost of permanence. Port assignments are effectively permanent. Once IANA assigns a port number, it stays assigned—even if the service dies, even if the documentation disappears, even if no one remembers what it was for.
Port 284 is assigned to corerjd. But corerjd is assigned to nothing.
Related Ports
- Port 280 (http-mgmt): HTTP management service, another obscure well-known port
- Port 285: Unassigned
- Port 286: Unassigned
Frequently Asked Questions
Was this page helpful?