Port 2423: Unassigned — Unclaimed but Not Unused

Port 2423 has no officially assigned service. The Internet Assigned Numbers Authority (IANA) maintains no record of a protocol or application registered to this port number.¹

That doesn't mean it's empty.

The Registered Port Range

Port 2423 falls in the registered ports range (1024–49151). These ports are neither the reserved system ports (0–1023) that require root privileges, nor the ephemeral ports (49152–65535) that operating systems hand out freely to outgoing connections.

The registered range is supposed to be orderly: vendors apply to IANA, IANA records the assignment, and the world knows what to expect when it sees traffic on that port. In practice, vendors don't always ask. Software ships, ports get used, and the registry never finds out.

Port 2423 is one of the gaps — a registered port number with no registered tenant.

Known Unofficial Use: ABB RNRP

The most documented use of port 2423 is ABB's Redundant Network Routing Protocol (RNRP), used in their System 800xA distributed control system for industrial plants.²

RNRP manages redundant network paths between control system nodes. If the primary network fails, RNRP detects the failure and routes traffic through the backup network automatically — the kind of failover behavior that keeps a refinery or power plant running when a cable goes bad. Port 2423 (TCP and UDP) carries the protocol's routing and keepalive traffic between nodes.

This is industrial infrastructure: not consumer software, not web services. If you're running an ABB 800xA system, traffic on port 2423 is expected and normal. If you're not, it's worth a second look.

Security Flags

Port 2423 appears in several trojan and suspicious port databases maintained by security researchers, suggesting it has been observed as a callback or command-and-control port in historical malware. No specific, well-documented malware family is strongly associated with it — these databases tend to be broad rather than precise — but the flag exists.³

The practical implication: if a port scanner or security tool flags 2423 as suspicious, it's not crying wolf without reason. Investigate what's actually listening.

What to Check

If you see traffic on port 2423 and you're not running ABB industrial control software, identify the process:

Linux / macOS:

sudo ss -tlnp | grep 2423
sudo lsof -i :2423

Windows:

netstat -ano | findstr :2423
# Then look up the PID:
tasklist | findstr <PID>

The goal is simple: know what owns the port. Legitimate software will be identifiable. If nothing obvious claims it and traffic is flowing anyway, that's the signal.

Why Unassigned Ports Matter

The port registry is the agreed map of the Internet's doors. Unassigned ports are the unmapped rooms — they exist, they work, but nobody officially knows what's in them.

Software fills these rooms constantly, for legitimate reasons and illegitimate ones. RNRP runs on 2423 because ABB needed a port and picked one. Malware runs on unassigned ports for the same reason: they're less likely to be blocked by default, less likely to trigger immediate recognition.

An unassigned port isn't empty. It's just unclaimed. The difference only matters when you find something there.