
Port 685 sits in the well-known port range (0-1023), officially assigned by IANA to a protocol called MDC Port Mapper. But if you've never heard of it, you're not alone.

What MDC Port Mapper Is

MDC Port Mapper is registered as a protocol for mapping network device ports to unique identifiers. It's intended for management software to communicate with network devices.[1]

That's the official description. In practice, MDC Port Mapper is obscure. There's no widely used implementation, no major RFC defining its operation, no community of administrators who rely on it. It exists on paper more than in production networks.

The Well-Known Port Range

Port 685 belongs to the well-known port range: ports 0-1023, reserved by IANA for standardized services. These ports require root privileges to bind on Unix-like systems, a design decision meant to ensure only trusted services use them.

But here's the reality: IANA has assigned all 1,024 slots in this range, and most of them are forgotten. Port 685 is one of them.

Security Considerations

Port 685 has been flagged by security researchers because trojans and malware have used this port to communicate.[2][3] This doesn't mean port 685 is inherently dangerous—it means that malware authors sometimes choose obscure assigned ports precisely because they're unlikely to be monitored.

A trojan using port 685 looks slightly more legitimate than one using a random high port. It's assigned. It's in the well-known range. But nobody's watching it.

If you see traffic on port 685, investigate. It could be legitimate MDC Port Mapper traffic (unlikely), or it could be something you didn't install.

How to Check What's Listening

On Linux or macOS:

sudo lsof -i :685

On Windows:

netstat -ano | findstr :685

If something is listening and you don't recognize it, find out what it is before assuming it's safe.
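
A stricter version of the Linux check, as an added example that is not part of the original page: a plain substring match on ":685" also hits ports such as 6850, so this filter compares the local port exactly and reports the owning process. It assumes the iproute2 `ss` tool; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# Live use on Linux (assumes iproute2 `ss`; root is needed to see owners):
#   sudo ss -H -tulnp | listeners_on_port 685

# Reads `ss -H -tulnp` lines on stdin; prints "proto local-addr pid name"
# for sockets whose LOCAL port is exactly $1.
listeners_on_port() {
  awk -v port="$1" '
    {
      laddr = $5                   # column 5 is Local Address:Port
      p = laddr
      sub(/.*:/, "", p)            # keep what follows the last colon (IPv6-safe)
      if (p != port) next          # exact compare: 6850 and 1685 are skipped
      pid = "?"; name = "?"        # owner column is empty without privileges
      if ($7 ~ /pid=/) {
        name = $7; sub(/^users:\(\("/, "", name); sub(/".*/, "", name)
        pid = $7;  sub(/,fd=.*/, "", pid);        sub(/.*pid=/, "", pid)
      }
      print $1, laddr, pid, name   # first owner only if several share the socket
    }'
}

# Constructed sample input; process names and PIDs are made up.
sample_ss_output() {
  cat <<'EOF'
tcp   LISTEN 0      128      0.0.0.0:685       0.0.0.0:*    users:(("svc-a",pid=4242,fd=3))
tcp   LISTEN 0      128      0.0.0.0:6850      0.0.0.0:*    users:(("svc-b",pid=5151,fd=7))
udp   UNCONN 0      0      127.0.0.1:1685      0.0.0.0:*    users:(("svc-c",pid=6262,fd=5))
tcp   LISTEN 0      128         [::]:685          [::]:*
EOF
}

sample_ss_output | listeners_on_port 685
```

A "?" in the pid and name columns means the socket's owner was not visible to the user running `ss`; rerun with elevated privileges before drawing conclusions.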

Why Unassigned and Obscure Ports Matter

The well-known port range was designed when the Internet was smaller. IANA assigned ports to protocols that seemed important at the time, or to companies that requested them. Not all of those assignments aged well.

MDC Port Mapper got port 685. It's official. It's registered. But it's not used widely enough for most people to recognize it, which makes it useful for exactly one group: attackers looking for a port that won't raise immediate suspicion.

This is the strange life of an obscure well-known port. Assigned but dormant. Official but forgotten. Legitimate on paper, suspicious in practice.
