Treat port 9998 not as a threat, but as a signal. When you see it, investigate. It may be keeping the lights on—or someone may be trying to turn them off. Have you encountered unusual activity on port 9998 in your environment? Perform the checks above and consult your incident response team before taking action.
In the vast landscape of TCP/IP networking, certain ports are famous (80 for web, 443 for secure web, 25 for email), while others lurk in obscurity. TCP port 9998 sits in that shadowy middle ground. It is not a registered IANA well-known port, but it has carved out specific, noteworthy roles—some legitimate, some malicious. tcp port 9998