What This Port Is
Port 3471 sits in the registered port range (1024–49151) — the space IANA manages for services that have formally claimed a port number. Unlike the well-known ports below 1024, registered ports don't require elevated privileges to bind. Unlike ephemeral ports above 49151, they're not randomly assigned to outbound connections.
IANA's registry shows port 3471 assigned to jt400-ssl, attributed to a contact at IBM.1
The JT400 Story
JT400, officially the IBM Toolbox for Java (now open-sourced as JTOpen), is a Java library for connecting applications to IBM i systems — the platform formerly known as AS/400, then iSeries, then System i.2 These machines have been running continuously in banks, warehouses, and hospitals since the late 1980s. Many still are.
The toolbox lets Java applications talk to IBM i host servers — database, command line, print, file, and more. Port 3470 is the JT400 proxy server port: when the proxy is enabled on the IBM i, client-side traffic routes through it instead of opening direct connections to each individual host server.
Port 3471 appears to have been registered as the SSL-secured version of that proxy connection. The logic is clean: 3470 for plain, 3471 for encrypted.
The Problem
Modern JT400 documentation doesn't list 3471 as an active port. The IBM Toolbox for Java's primary SSL ports follow the 9470–9476 range (adding 1000 to the standard 8470–8476 host server ports).3 Port 3471 doesn't appear in firewall guidance, SSL configuration instructions, or active deployment documentation.
This is a registered port that appears to have been claimed, never widely implemented, and never reclaimed. IANA keeps the registration. IBM doesn't advertise the port. The gap between those two facts is the whole story.
What's Actually on This Port
Almost certainly nothing — unless you're running old, specialized IBM i middleware that predates the current port conventions, or unless something else has quietly adopted the number.
To check what's listening on your system:
Linux / macOS:
Windows:
Network-wide scan:
Why This Matters
Unassigned and lightly-used registered ports aren't just administrative trivia. They're surface area.
Any process can bind to port 3471. Malware has historically used obscure registered port numbers specifically because they don't trigger firewall rules the way well-known ports do. A process quietly listening on 3471 won't set off alarms the way something on port 22 or 443 would.
If you see unexpected traffic on port 3471 — especially outbound connections — it's worth investigating. The legitimate IBM i use case is narrow and would typically appear in a controlled enterprise environment, not on a personal machine or general server.
A fost utilă această pagină?