Skip to content
PortsDB

Port reference

Port 8554 (TCP) – RTSP alternate (streaming)

Common alternate port for RTSP streaming used by IP cameras, media servers, and software like live555 when 554 is unavailable.

tcpRegisteredCommonly attacked

Default state

Open on IP cameras, NVRs, and streaming servers configured to use an alternate RTSP port; sometimes exposed to the internet.

Common attacks

  • Accessing live camera/media feeds with no or default authentication
  • Stream URL/path brute forcing to find unprotected feeds
  • Credential brute force against camera and server accounts
  • Mass scanning and indexing of exposed RTSP streams

Hardening

  • Require authentication and change all default credentials
  • Never expose RTSP to the internet; use an isolated VLAN
  • Access feeds through a VPN or secured gateway
  • Patch camera/server firmware and disable unused RTSP endpoints
  • Treat 8554 with the same controls as standard RTSP 554

nmap snippet

nmap -p8554 --script rtsp-methods,rtsp-url-brute <target>

Replace <target> with the host or range you're authorized to scan.

What runs on port 8554?

Port 8554 is a common alternate RTSP port. It runs the same Real Time Streaming Protocol as 554, used by IP cameras, NVRs, and media servers (including the popular live555 stack) when 554 is unavailable or a second instance is needed. RTSP handles the control channel (DESCRIBE, PLAY, PAUSE) while the media flows over RTP.

Why it matters for security

Running RTSP on a non-default port provides no real security. As on 554, many devices ship with default or no credentials and get exposed to the internet, turning 8554 into a live window an attacker can open. Exposed streams leak privacy and serve as a network foothold, and weak firmware adds exploitable bugs.

How it's attacked

Attackers scan for open RTSP on alternate ports like 8554 and try to DESCRIBE/PLAY unauthenticated streams to instantly view feeds. They brute-force stream URLs/paths (vendor-specific endpoints) and brute-force credentials, while search engines and botnets index exposed RTSP.

Hardening checklist

Require authentication and change every default credential. Never expose RTSP to the internet — place devices on an isolated VLAN and reach feeds via a VPN or secured gateway. Patch firmware and disable unused RTSP endpoints, and apply the same controls to 8554 as to standard 554. Use the nmap snippet above only against devices you are authorized to test.

Related ports

Port 554Port 8000Port 80Port 1935

Frequently asked questions

How does port 8554 differ from RTSP port 554?
It is the same protocol, just on an alternate port. Servers like live555 and many IP cameras use 8554 when 554 is taken or to run a second instance. The same risks and hardening as standard RTSP apply.
Why are RTSP streams on 8554 a security risk?
Like 554, many devices expose RTSP with default or no credentials, letting anyone open the live feed. Using an alternate port does not provide security — authentication and network isolation do.