Port 1871 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific applications and services, as distinguished from the well-known ports below 1024 that are reserved for foundational Internet protocols.
IANA lists port 1871 as assigned to "canocentral0" (Cano Central 0) on both TCP and UDP. That's where the official record ends. No RFC defines the protocol. No software package claims it. No company appears to have shipped a product using it. The registration exists, but whatever was behind it has vanished — if it ever existed publicly at all.1
What Unassigned Means (and Why "Assigned" Isn't Always Better)
The registered ports range exists so that applications can claim a port number, reducing the chance that two programs collide on the same number. In practice, the system works on the honor system: IANA accepts registrations and lists them, but doesn't verify that the registrant has shipped working software or published documentation.
The result is a registry that contains both critical infrastructure (port 1433 for Microsoft SQL Server, port 3306 for MySQL) and ghost entries — port numbers someone registered and then abandoned, or registered speculatively and never used.
Port 1871 appears to be one of the ghosts.
A Historical Footnote: Bekkoame
Security databases from the early 2000s associate port 1871 with Bekkoame, a trojan horse from the dial-up era.2 Malware from that period frequently picked registered-but-dormant ports for command-and-control traffic, reasoning that an obscure port name would draw less scrutiny than something obviously suspicious.
Bekkoame is long defunct. Modern security tools don't flag port 1871 as an active threat. But if you find unexpected traffic on this port, it warrants investigation — not because of Bekkoame specifically, but because any unexpected listener on any port is worth understanding.
How to Check What's Listening
If port 1871 is open on a system you manage and you don't know why, these commands will tell you what process owns it:
macOS / Linux:
Windows:
The process name will usually tell you immediately whether something legitimate is running there.
Summary
| Detail | Value |
|---|---|
| Range | Registered ports (1024–49151) |
| Official assignment | canocentral0 / Cano Central 0 (TCP + UDP) |
| Real-world usage | Unknown — no documented software |
| Historical note | Associated with Bekkoame trojan (early 2000s, now defunct) |
| Threat level today | Low — no active known malware |
Frequently Asked Questions
Esta página foi útil?