Port 2800 sits in the registered port range (1024–49151). IANA has not assigned it to any official service.1 It is open territory — legally claimable by any application that wants to stake a claim there, and several have.
What Actually Runs Here
Physical Access Control: Johnson Controls iSTAR
The most documented use of port 2800 belongs to physical security, not network security. Johnson Controls' C•CURE 9000 platform — a building access control system found in hospitals, government facilities, and data centers — uses port 2800 for communication between the central server and iSTAR Pro and Ultra door controllers.2
These are the panels that decide whether a badge opens a door. They communicate back to the C•CURE 9000 SiteServer over port 2800 using unencrypted TCP/UDP. The neighboring ports tell the rest of the story:
- 2800 — Main iSTAR connection (unencrypted)
- 2801 — Fast personnel download to iSTAR panels
- 2802 — Fast image download (iSTAR Pro only)
The word "unencrypted" in the official documentation is worth sitting with. The channel that authorizes physical entry into secured spaces sends its traffic in plaintext. Johnson Controls' own hardening guides acknowledge this and recommend proper network segmentation as a compensating control.3
Historical Malware: BackDoor-QW
Port 2800 has also been associated with BackDoor-QW, a remote access trojan documented in security databases.4 Like most backdoor trojans, it used this port to phone home — receiving instructions from an attacker while blending into the noise of other traffic on an unassigned port.
The threat is historical. Modern endpoint protection handles BackDoor-QW. But it's a reminder of why unusual open ports deserve a look.
What Range This Port Belongs To
The registered port range (1024–49151) exists between the well-known ports (0–1023), which require root or administrator privileges and are tightly controlled by IANA, and the ephemeral ports (49152–65535), which operating systems assign dynamically for outbound connections.
Registered ports are the middle ground: no root required to bind them, loosely governed, available for any software that wants a consistent address. Some registered ports have formal IANA assignments with RFCs behind them. Many, like 2800, do not — they're simply used by convention.
How to Check What's Listening on Port 2800
If port 2800 is open on a machine you administer and you didn't put it there, it's worth knowing why.
On Linux/macOS:
On Windows:
The process ID in the output will tell you what's listening. Cross-reference it against your running processes. If you're running a C•CURE 9000 system, the process will be iSTAR_DriverService.exe or similar. If you're not running an access control platform and something is listening here, that's worth investigating.
Why Unassigned Ports Matter
The port numbering system has 65,535 slots. IANA has formally assigned only a fraction of the registered range. The rest are like unclaimed land — technically available to anyone, used by convention rather than by rule.
This matters for two reasons. First, it means port scanners and security tools can't rely on a port number alone to identify what's running there — anything could be on port 2800. Second, it means malware authors know that unassigned ports attract less automatic scrutiny than, say, something unexpected on port 443.
An open registered port with no known assignment is a question, not an answer. The only way to know what's there is to look.
Frequently Asked Questions
Была ли эта страница полезной?