The Unknown "Well-Known Ports"

Wed 13 April 2011

If you’re a Linux or Mac user, you’ve probably stumbled upon the /etc/services/ file, which is a listing of the registered protocols and ports made by the Internet Assigned Numbers Authority (this file can also be viewed here). The port numbers 0 through 1023 are considered "well-known" ports, and use is restricted of those ports is restricted to protocols registered with IANA. However, while checking the IANA file, I noticed several interesting ports that I had never noticed before.

  • Port 586 - "Password Change" This one seems like an odd one. What password is changed? Is there an RFC for this one? I can only imagine that I telnet to the connection and get a prompt asking me to change my password.
  • Port 533 - "netwall" The IANA description is "for emergency broadcasts". Sounds wicked, I wonder if any machines listen on that. My guess is that this would be for a net-enabled version of the wall utility. I’ve yet to find anything on the net about it, so I’m tempted just to make my own version of this just for kicks.
  • Port 553 - "Public Information Retrieval Protocol" This protocol was created and registered with IANA by Dan J. Bernstein (the guy who wrote qmail), so that’s a pretty good pedigree. However, from the look of it this protocol never got beyond a draft with the Internet Engineering Task Force (IETF is the de facto standards organization for the web), and as far as I know there’s nothing using it.
  • Port 569 - "Microsoft Rome" This port is likely one of ignorance on my part, likely because I’ve not used Microsoft products in quite a while. Besides a whole bunch of scareware sites talking about how trojans use it as a point of entry, I’ve not been able to find anything about this interestingly named port.
  • Port 767 - "Phonebook" From the IANA it looks like this one is registered to IBM. So many possibilities! Imagine a friendly little protocol that acts like the phone books of old! Mind, I guess that’s what search engines are for these days.
  • Port 801 - "Device" No description in the file, not even a registrant. I do wonder if anyone at IANA actually knows what this port’s for. Possibly someone was rather busy when filling out the paperwork and omitted, say, all the details. Happens all the time.
  • Ports 997, 998, and 999 - respectively "maitrd", "busboy", and "garcon" An excellent naming scheme for three adjacent ports. I have a funny feeling the names are metaphors for what’s going on datawise.
  • Port 1008 The IANA description for this port is "Possibly used by Sun Solaris????" That’s some fantastic record-keeping, guys, keep up the good work!

If you happen to know what these ports actually do, shoot me an email!