Port 681 carries Entrust's Authority Administration and Management Service (AAMS)—or at least, it used to. This is enterprise certificate infrastructure from the 1990s, when public key infrastructure was new and every vendor was building their own systems.
What Lives Here
Service: entrust-aams
Protocol: TCP and UDP
Official: Yes, assigned by IANA
Reality: Mostly extinct in the wild
Port 681 is officially registered to Entrust for their Authority Administration service. This was part of Entrust's certificate authority infrastructure—the backend management system that administrators used to issue certificates, manage users, and configure their PKI deployment.1
The Entrust Story
Entrust Inc. was founded in 1994, right when the Internet desperately needed certificate authorities.2 Secure communications required digital certificates, and someone had to issue them, manage them, and revoke them when things went wrong.
Entrust built enterprise PKI solutions. Big organizations—governments, financial institutions, corporations—used Entrust Authority to run their own internal certificate authorities. Port 681 was where the administration service lived, letting PKI administrators manage the whole operation.3
By 2000, Entrust acquired enCommerce to expand their authentication and authorization capabilities.2 The company is still around, still doing identity and access management, but the infrastructure has evolved far beyond needing dedicated ports for each administration service.
Why You Won't Find It
Port 681 is assigned but essentially extinct. Modern Entrust products use different architectures—web-based administration consoles, REST APIs, standard HTTPS on port 443. The dedicated administration port from the 1990s is a fossil.
If you scan port 681 across the Internet today, you'll find mostly silence. The occasional legacy installation might still be running, but the PKI world has moved on.
What Well-Known Means
Port 681 lives in the well-known port range (0-1023), which IANA tightly controls. These ports are supposed to be reserved for established, standardized services that need consistent port assignments across all systems.
Getting a well-known port assignment in the 1990s meant your service was significant enough—or your company influential enough—to justify permanent IANA registration. Entrust qualified. They were a major player in PKI when PKI was the future of Internet security.
The well-known range is mostly full now. New services almost never get assigned ports below 1024. Port 681 represents an era when there was still room in the registry and when enterprise software vendors expected to run their own protocols on their own ports.
Checking What's Listening
To see if anything is actually using port 681 on your system:
Linux/macOS:
Windows:
You'll probably get nothing. But if something shows up, you've found either a legacy Entrust installation or something else that decided to squat on an assigned-but-unused port.
The Registry as Archaeology
Port 681 is a reminder that the IANA port registry is partly historical record. Not every assigned port is actively used. Some represent protocols that died out. Some represent products that evolved beyond needing dedicated ports. Some represent the 1990s belief that every enterprise service needed its own permanent port number.
The port is registered. The registration is legitimate. But the world has moved on. Port 681 sits there in the registry like a tombstone—marking where something once lived.
Security Note
If you find port 681 open on a modern system and you're not running legacy Entrust software, investigate. Unused assigned ports sometimes get repurposed by malware or unauthorized services precisely because they're "official" enough to look legitimate but obscure enough to escape notice.
Related Ports
Other certificate authority and PKI infrastructure ports from the same era:
- Port 829 — Certificate Management Protocol (CMP), an actual standard that survived
- Port 443 — HTTPS, where modern PKI administration actually happens
- Port 636 — LDAPS, often used alongside PKI for directory services
หน้านี้มีประโยชน์หรือไม่?