TCP 593
Synopsis
- TCP port 593 is the Microsoft HTTP RPC Endpoint Mapper (service name: http-rpc-epmap).
- It is used by Windows DCOM/COM+ for RPC over HTTP v1, allowing RPC endpoint mapping via HTTP.
- Real-world deployments include Windows 2000/XP/Server 2003 systems with the “RPC over HTTP” feature, most notably IIS servers hosting the RPC over HTTP Proxy for Microsoft Exchange 2003/2000 (used by Outlook 2003 “RPC over HTTP”/early Outlook Anywhere setups).
- You commonly saw 593/tcp open on Exchange 2003 front-end/back-end servers and Windows Small Business Server 2003 when enabling Outlook over the Internet.
- Some legacy Microsoft admin tools that leveraged DCOM/COM+ on those platforms used this path when RPC over HTTP v1 was enabled.
- Security note: Because it exposes RPC/DCOM over HTTP, attackers historically scan and target 593 to reach Windows RPC services through firewalls, and several RPC/DCOM remote code execution flaws have been exploitable when this port is exposed.
Observed activity
Last 30 days
Detailed chart