Port 1075 sits in the registered ports range (1024-49151), officially assigned by IANA to a service called RDRMSHC. But if you search for information about this port, you'll find more documentation about the malware that uses it than the service it was registered for.
What Port 1075 Is Officially For
RDRMSHC is registered with IANA for both TCP and UDP on port 1075.[1] The service name stands alone without extensive public documentation about what it does or who maintains it. Historical forum discussions suggest it may have been registered by Fujitsu Japan for an "open business protocol," but concrete details about its purpose and current use are scarce.[2]
This is not unusual in the registered ports range. Many ports were claimed years ago for services that never saw widespread adoption or were used only within specific organizations.
What Port 1075 Is Known For
Security researchers know port 1075 for a different reason: Backdoor.Win32.LanaFTP.k, a trojan that listens on TCP port 1075.[3]
When this backdoor infects a Windows system, it opens port 1075 and waits. Any attacker who can reach the infected machine can send specially crafted payloads that trigger heap corruption, giving them control of the system.[4] The malware has been documented with multiple vulnerabilities, including weak hardcoded passwords and the ability to perform port bounce scans—using the infected machine as a launching point for network reconnaissance.[5]
Port 1075 appears in security scanning databases specifically because of this association. Seeing unexpected traffic on port 1075 is often a red flag worth investigating.
The Registered Ports Range
Port 1075 belongs to the registered ports range: 1024-49151. These ports are assigned by IANA through various review processes, but unlike well-known ports (0-1023), they don't require root or administrator privileges to bind to.
This means:
- Any application can listen on port 1075
- The official RDRMSHC registration doesn't prevent other software from using it
- Malware can (and does) claim these ports just as easily as legitimate services
The registered ports range is where official assignments and reality often diverge. A port might be registered for one thing and actually used for something else entirely.
Why This Port Matters
Port 1075 is a perfect example of why unassigned or poorly-documented ports matter in security. The gap between "what a port is registered for" and "what actually uses it" creates opportunities for malicious software to hide.
If you see port 1075 open on a system:
- It could be legitimate RDRMSHC traffic (rare)
- It could be the LanaFTP backdoor (more likely if unexpected)
- It could be something else entirely
The ambiguity is the problem.
How to Check What's Listening
On Linux or macOS:
On Windows:
If something is listening on port 1075 and you don't recognize the process, investigate. The legitimate RDRMSHC service is uncommon enough that any activity here deserves scrutiny.
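One way to run this check on Linux, as an added example that is not part of the original page: the script filters `ss -H -tulnp` output for sockets bound to exactly port 1075 and reports the owning process. It assumes iproute2's `ss` is installed; the function names, the sample lines and the process name `svc-example` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Linux with iproute2 `ss`.
PORT=1075

# Read `ss -H -tulnp` output on stdin; print "proto local_addr process pid"
# for sockets whose local port is exactly $1. Matching on the text after the
# last colon avoids false hits on port 10750 or on a process with PID 1075,
# which a plain `grep 1075` would also return.
listeners_on_port() {
    awk -v port="$1" '
    {
        n = split($5, a, ":")            # handles 0.0.0.0:1075 and [::]:1075
        if (a[n] != port) next
        proc = "-"; pid = "-"            # "-" when ss could not see the owner
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/))
            pid = substr($0, RSTART + 4, RLENGTH - 4)
        print $1, $5, proc, pid
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0  128    0.0.0.0:22       0.0.0.0:*  users:(("sshd",pid=1075,fd=3))
tcp   LISTEN 0  128    0.0.0.0:10750    0.0.0.0:*  users:(("app",pid=2200,fd=7))
tcp   LISTEN 0  5         [::]:1075        [::]:*  users:(("svc-example",pid=3141,fd=4))
udp   UNCONN 0  0    127.0.0.1:1075     0.0.0.0:*
EOF
}

# "live" inspects this host (run as root to see other users' processes);
# anything else runs the parser over the constructed sample.
if [ "${1:-}" = "live" ]; then
    ss -H -tulnp | listeners_on_port "$PORT"
else
    sample_ss_output | listeners_on_port "$PORT"
fi
```

A `-` in the process column means `ss` could not see the socket's owner, which usually means the check was not run as root.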
The Reality of Registered Ports
Port 1075 teaches us something about the port number system: registration is not the same as control. IANA can assign a port to a service, but that doesn't prevent other software—legitimate or malicious—from using it.
The registered ports range (1024-49151) contains thousands of assignments like RDRMSHC. Some are actively used by thriving services. Some were used once and abandoned. Some exist only on paper while other software uses the port in practice.
This is the messy reality of how the Internet actually works. The official records tell one story. Network traffic tells another.
Port 1075 belongs to RDRMSHC on paper. In the wild, it's better known as the port where a backdoor waits for its master.