
Port 1681 sits in the registered port range (1024–49151). IANA officially assigned it the service name sd-elmd for both TCP and UDP. That name appears in the registry and almost nowhere else. No RFC defines it. No documentation explains what it does.

In practice, port 1681 is known for something else entirely.

What Has Actually Lived Here

Elipse E3 is a Brazilian SCADA platform used in industrial process control — the kind of software that monitors and manages physical infrastructure like power systems, water treatment, and manufacturing lines.

Older versions of Elipse E3 (3.x and earlier) ran an embedded HTTP server on TCP port 1681. Operators could access a status page at index.html. This is a common pattern in industrial software: expose a lightweight web interface so technicians can check system state without specialized tools.

The problem: the HTTP server crashed when hit with a rapid series of requests. Not a crafted exploit. Not a sophisticated attack. Just HTTP traffic, fast. The result, per the CVE description, was an "application crash and plant outage." 1

CISA (then ICS-CERT) issued an advisory. 2 The vulnerability is documented as CVE-2014-8652.

The Range This Port Belongs To

Port 1681 is a registered port — the middle tier of the three-range system:

  • Well-known ports (0–1023): Assigned to core protocols like HTTP (80), SSH (22), DNS (53). Require elevated privileges to bind on most operating systems.
  • Registered ports (1024–49151): Available for application vendors to register with IANA. No privilege requirement to bind. Elipse registered sd-elmd here.
  • Dynamic/ephemeral ports (49152–65535): Used temporarily by operating systems for outgoing connections. Not assigned to services.

Registered ports represent a compromise: open enough that any application can use them, structured enough that vendors can claim a number and tell users "look for me here."

What's Probably on Port 1681 Today

If you see traffic on port 1681, it's most likely one of:

  • Elipse E3 or a related industrial control application
  • Something internal using the port opportunistically (developers often pick numbers in this range without checking IANA)
  • Nothing — most ports in the registered range sit silent on most machines

How to Check What's Listening

On Linux or macOS:

ss -tlnp | grep 1681
# or
lsof -i :1681

On Windows:

netstat -ano | findstr :1681

These show the process ID alongside the port. Cross-reference the PID with your process list to find out what application opened the socket.
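
An added example, not part of the original page: a plain grep 1681 also matches port 16810 or a process whose PID happens to be 1681, so this shell function matches the local port exactly and reports whether each listener is bound to loopback only or to an address other hosts can reach. The function names, the process names and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# audit_port PORT: read `ss -tlnp` output on stdin and print one line per
# listener on exactly PORT, in the form: <scope> <bind-address> <pid> <process>
# scope is "loopback" (local only) or "exposed" (bound to an address other
# hosts can reach, subject to any firewall in between).
audit_port() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        # Split at the last colon so IPv6 literals such as [::1]:1681 work.
        n = match($4, /:[0-9]+$/)
        if (n == 0) next
        addr = substr($4, 1, n - 1)
        if (substr($4, n + 1) != port) next   # exact match, not a substring
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        # ss leaves the process column empty for sockets owned by other
        # users unless it runs as root; report "?" in that case.
        pid = "?"; name = "?"
        if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
        if (match($0, /\(\("[^"]*"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        print scope, addr, pid, name
    }'
}

# Constructed sample of `ss -tlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:1681       0.0.0.0:*     users:(("scada-web",pid=2211,fd=7))
LISTEN 0      128        127.0.0.1:16810      0.0.0.0:*     users:(("app",pid=99,fd=3))
LISTEN 0      128            [::1]:1681          [::]:*     users:(("devtool",pid=3140,fd=5))
LISTEN 0      4096         0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=1681,fd=3))
LISTEN 0      128                *:1681             *:*
EOF
}

# Run against the sample; on a live host use: ss -tlnp | audit_port 1681
sample_ss_output | audit_port 1681
```

An "exposed" line for port 1681 is the case to investigate first, since that listener accepts connections from beyond the local machine.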

Why Unassigned (or Barely Assigned) Ports Matter

The Elipse E3 story illustrates something important about industrial systems and the Internet. SCADA software was designed for isolated networks — closed loops where only authorized machines could talk to each other. As industrial systems began connecting to corporate networks (and occasionally the Internet), their embedded web servers suddenly became reachable by anyone.

A web server that crashes under normal HTTP load is survivable on a personal laptop. On a system managing physical infrastructure, "application crash" means something different.

Port 1681 is a small window into that larger collision: industrial protocols meeting the open Internet, registered service names that nobody recognizes, and HTTP traffic bringing down a plant.
