What This Port Is
Port 3671 sits in the registered port range (1024–49151) but carries no official IANA service assignment. In practice, it has one dominant use: KNXnet/IP, the IP transport layer for the KNX building automation standard.
If a building has smart lighting, automated climate control, or integrated security — and it runs KNX — there's a good chance port 3671 is involved.
The Registered Port Range
Ports 1024–49151 are "registered" ports. IANA maintains a registry where software vendors can claim a port for their application. Registered doesn't mean reserved — it means someone asked, and IANA said yes.
Port 3671 was never claimed. It sits in the registry as unassigned. And yet, it became the de facto standard for an entire industry.
KNXnet/IP: What's Actually on This Port
KNX is a building automation standard that predates the web. Born in Europe in the 1990s as EIB (European Installation Bus), it became the dominant protocol for controlling lights, heating, blinds, and security in commercial and residential buildings.
When KNX grew up and needed to speak IP, it chose port 3671. Two transport modes use it:
UDP port 3671 — KNXnet/IP Tunneling and Routing
The classic mode. ETS (Engineering Tool Software, the programming environment for KNX installations) connects to KNX IP interfaces and routers via UDP 3671. The KNX multicast group — address 224.0.23.12, port 3671 — allows KNX IP routers to exchange telegrams across a building's IP network without any central broker. Every router listens on that multicast address. Every telegram finds its own way.1
TCP port 3671 — KNX IP Secure
The newer mode, introduced as KNX installations started appearing in more security-sensitive environments. KNX IP Secure adds encryption and authentication to the tunneling protocol, and it runs over TCP rather than UDP. Same port, different transport, fundamentally different security posture.2
Who Uses This Port
Any building running KNX IP. That includes:
- Hotel room control panels reporting back to a central controller
- Hospital climate systems responding to zone sensors
- Office buildings where a single ETS session programs thousands of devices
- Home automation setups connecting KNX hardware to Home Assistant, openHAB, or similar platforms
The KNX Association claims over 500 manufacturer members and products installed in 190 countries.3 Most modern KNX installations with IP connectivity are touching port 3671.
Security Considerations
KNX IP Tunneling over UDP has no authentication. Anyone on the same network who speaks the protocol can send commands. In a building where port 3671 is reachable, an attacker who understands KNX could turn lights on and off, adjust thermostats, or trigger automation sequences.
Remote access is worse. Forwarding port 3671 through a firewall to program a KNX installation remotely is something people do — and something the KNX Association explicitly warns against. VPN is the recommended path for any remote KNX work.4
KNX IP Secure (TCP 3671) addresses this with AES-128 encryption and device certificates, but adoption requires newer hardware and ETS 5.7 or later.
How to Check What's Listening
If you see activity on port 3671 and want to know what's there:
For network-wide discovery, a packet capture will reveal the KNXnet/IP signature quickly — the protocol has a distinctive header format with a fixed magic byte sequence (0x06 0x10).
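The signature check described above can be turned into a small triage script for payloads pulled from a capture. This is an added example, not code from the original page or from the KNX Association; the function names and sample payloads are constructed for illustration, and it assumes one KNXnet/IP frame per payload, as is the case for UDP datagrams.

```python
import struct

# Subset of KNXnet/IP service type identifiers from the public specification.
SERVICE_TYPES = {
    0x0201: "SEARCH_REQUEST",
    0x0202: "SEARCH_RESPONSE",
    0x0203: "DESCRIPTION_REQUEST",
    0x0205: "CONNECT_REQUEST",
    0x0206: "CONNECT_RESPONSE",
    0x0420: "TUNNELING_REQUEST",
    0x0421: "TUNNELING_ACK",
    0x0530: "ROUTING_INDICATION",
    0x0950: "SECURE_WRAPPER",
}
# Services that carry bus telegrams outside a KNX IP Secure wrapper.
PLAINTEXT_CONTROL = {"TUNNELING_REQUEST", "ROUTING_INDICATION"}

def parse_header(payload: bytes):
    """Return (service_name, total_length) for a KNXnet/IP frame, else None."""
    if len(payload) < 6:
        return None
    hdr_len, version, service, total = struct.unpack("!BBHH", payload[:6])
    if (hdr_len, version) != (0x06, 0x10):
        return None  # signature bytes (header length, protocol version) absent
    if total != len(payload):
        return None  # length field must match the payload; cuts false positives
    return SERVICE_TYPES.get(service, f"UNKNOWN_0x{service:04x}"), total

def triage(payloads):
    """Count frames per service and list unprotected control services seen."""
    counts = {}
    for p in payloads:
        parsed = parse_header(p)
        if parsed:
            counts[parsed[0]] = counts.get(parsed[0], 0) + 1
    flagged = sorted(n for n in counts if n in PLAINTEXT_CONTROL)
    return {"counts": counts, "plaintext_control": flagged}

# Constructed sample payloads (not taken from a real capture).
SAMPLES = [
    bytes.fromhex("06100201000e0801c0a801640e57"),  # SEARCH_REQUEST, 192.168.1.100:3671
    bytes.fromhex("061005300011") + bytes(11),       # ROUTING_INDICATION, zero-filled body
    bytes.fromhex("06100950002a") + bytes(36),       # SECURE_WRAPPER, zero-filled body
    bytes.fromhex("061004200015"),                   # right signature, wrong length
    bytes.fromhex("abcd01000001000000000000"),       # unrelated traffic
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A non-empty `plaintext_control` list means bus telegrams are crossing the network without the protection KNX IP Secure provides, which is the exposure described under Security Considerations.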
Why Unassigned Ports Matter
The KNX situation illustrates something real about how the Internet works in practice. The IANA registry is authoritative but not omnipotent. Industries develop standards, pick ports, and ship products — sometimes without filing paperwork. By the time the ecosystem is large enough that anyone notices, the port is effectively claimed whether IANA says so or not.
Port 3671 is unassigned on paper. In practice, it belongs to the buildings.