Port 2064: Unassigned — Once the Relay for Cracking RSA

Port 2064 sits in the registered port range (1024–49151). IANA keeps a registry of which services get which ports in this range — but port 2064 has no current assignment. It's an empty slot.

That doesn't mean nothing has ever used it.

The Registered Port Range

Ports 1024 through 49151 are called registered ports. Unlike the well-known ports below 1024 (which require root privileges to bind on Unix systems), any application can use registered ports. IANA assigns them on request, but the registry has gaps — numbers that were never claimed, or claimed informally and never formally registered.

Port 2064 is one of those gaps.

An Unofficial History

Port 2064 was used by distributed.net as the default port for its personal proxy (pproxy) connections — the relay layer between individual volunteer machines and distributed.net's central key servers.¹

Distributed.net ran some of the largest volunteer computing projects ever attempted. In the late 1990s and early 2000s, the project invited anyone with a spare computer to install a small client that would download encrypted keyblocks, attempt to crack them, and report results back. The goal: brute-force RSA encryption challenges issued by RSA Security, proving (or disproving) the practical strength of various key lengths.

The numbers tell the story:

• RC5-56: Cracked in 250 days (1997). Winning key: 0x532B744CC20999
• RC5-64: Cracked in 1,757 days (2002). Winning key: 0x63DE7DC154F4D039²

Thousands of machines participated. The personal proxy layer — running on port 2064 — let local network administrators set up intermediate relay servers, so an entire office or university could funnel keyblock requests through a single machine rather than each client connecting directly.

Port 2064 was where keyblocks went out and results came in. Quiet, background traffic. Most people running the client never thought about the port at all.

What's Actually on Port 2064 Today

Almost certainly nothing related to distributed.net. The project's activity has declined sharply, and the RC5 work that used this port is largely dormant.

If you see traffic on port 2064 on your network, it's worth investigating. Unassigned ports occasionally get used by legitimate applications that didn't bother registering — or by software you'd rather not have.

To check what's listening on port 2064:

# On Linux/macOS
sudo lsof -i :2064
sudo ss -tlnp | grep 2064

# On Windows
netstat -ano | findstr :2064

Why Unassigned Ports Matter

The port registry isn't just bureaucracy. When a port has a known assignment, your firewall, your IDS, and your colleagues all share an expectation of what traffic on that port looks like. Unexpected traffic on an assigned port is a signal.

Unassigned ports are noisier. They carry no expectation. Malware sometimes uses them precisely because there's no baseline to deviate from. That's not a reason to block all unassigned ports (you'd break countless legitimate applications), but it is a reason to investigate unexpected listeners.

Port 2064 is unassigned. If something's running on it, find out what.