TCP 1028
Synopsis
- There is no widely standardized, fixed service for TCP port 1028; in real networks it is commonly seen as a dynamically assigned Microsoft RPC/DCOM port on Windows systems.
- On Windows 2000/XP/Server 2003 and later, RPC-based services (e.g., COM+/DCOM components, LSARPC/LSASS, the legacy Messenger service, WINREG/Remote Registry) are frequently handed TCP 1028 by the RPC Endpoint Mapper after initial negotiation on 135.
- In practice, packet captures and logs often label traffic on TCP 1028 as MSRPC (endpoints such as epmapper, lsarpc, or winreg) when those services bind to that port.
- Security note: historically, attackers and spammers probed TCP/UDP 1026–1030 (including 1028) on Windows hosts to abuse RPC-exposed Messenger service pop-up messages and to hunt for RPC/DCOM vulnerabilities.
Observed activity
Last 30 days
Detailed chart