Port 1338: Unassigned — A port shaped by its past

Port 1338 sits in the registered ports range (1024-49151)—the middle tier of the port number system. These ports aren't reserved for well-known services like HTTP or SSH, but they're registered with IANA to avoid conflicts. Port 1338, however, has no official assignment.¹

That doesn't mean it's unused. It means any application can claim it.

What Uses Port 1338

Because this port is unassigned, different software uses it for different purposes:

Medical equipment — IBA Dosimetry's myQA Daily system uses port 1338 for communication with dosimetry hardware used in radiation therapy.²

Development platforms — Codedamn provides port 1338 for hosting HTTP or WebSocket services in their cloud development environment.³

Flight simulation — X-Plane flight simulator uses port 1338 for some of its network communications, though the specific function isn't well documented.⁴

WebSocket implementations — Various custom applications use port 1338 for WebSocket connections.⁵

None of these uses are official. Each application simply chose 1338 because it was available.

The Millennium Worm

Port 1338's most notable use was by malware called the Millennium Worm (also known as W32.Monikey or I-Worm.Millennium), which spread in the early 2000s.⁶ The worm used port 1338 for command and control communication—waiting for instructions from remote attackers.

This is why security scanners still flag port 1338 as potentially malicious. The actual worm is long dead, but security tools remember.⁷ If you see port 1338 flagged in a security scan, it doesn't necessarily mean you're infected. It means something is listening on a port that malware once used.

The question becomes: what's listening, and should it be?

How to Check What's Using Port 1338

On Linux or macOS:

sudo lsof -i :1338

On Windows:

netstat -ano | findstr :1338

If something is listening on port 1338, these commands will show you which process owns it. You can then decide whether it's legitimate software or something that shouldn't be there.

Why Unassigned Ports Matter

The registered ports range (1024-49151) contains thousands of ports. Some are officially assigned to specific services. Most are not.

Unassigned ports are useful because they give developers flexibility—you can run custom services without conflicting with well-known protocols. But that same flexibility creates risk. Any application can bind to an unassigned port, including malware.

This is why monitoring matters. On a well-maintained system, you should know what's listening on which ports. An unexpected listener on port 1338 deserves investigation, not because 1338 is inherently dangerous, but because unexpected services are.

Security Considerations

Port 1338 isn't dangerous. What runs on it might be.

If you're running legitimate software that uses port 1338 (medical equipment, development tools, flight simulators), that's fine. If you find port 1338 open and don't recognize what's using it, investigate.

The Millennium Worm is history. But the principle remains: unassigned ports are neutral territory. What matters is who claims them.