1. Ports
  2. Port 2673

Port 2673: First Call 42 — A Registration with No Story

What This Port Is

Port 2673 lives in the registered port range (1024–49151), the tier of the port number space where organizations and developers can formally stake a claim through IANA. Unlike the well-known ports below 1024, registered ports don't require elevated system privileges to open — any process can bind to them.

IANA's registry lists port 2673 as assigned to a service called First Call 42, registered to one Luke Bowen at leb@tfn.com, for both TCP and UDP.1 That's the entirety of the paper trail. No RFC. No specification. No documentation of what the service does, what protocol it speaks, or what "42" refers to. The domain associated with the email address has no traceable history.

The Ghost Registration Problem

The IANA port registry contains thousands of entries like this one: a name, a contact, a date, and nothing else. Registered ports require no ongoing obligation. Once you claim one, it stays claimed unless IANA reclaims it — which rarely happens.

"First Call 42" is almost certainly a product or service that was planned, maybe partially built, and then abandoned. The registration is a fossil: evidence that something once intended to use this port, without any indication of what that something was.

This pattern is common enough to have a name in networking circles: ghost registrations. They don't cause harm directly, but they create ambiguity. If you see traffic on port 2673, the IANA record offers no guidance on whether it's expected or suspicious.

Security Posture

Port 2673 has appeared in historical lists of ports associated with malware communications.2 This isn't unusual — attackers often choose registered-but-obscure ports precisely because they're unlikely to be blocked by default firewall rules and unlikely to trigger alerts tuned to the well-known ports.

The lack of any legitimate documented service using this port means that if you see it in your traffic, there's no benign explanation to reach for first.

How to Check What's Using This Port

On Linux or macOS:

# See what process is listening on port 2673
sudo lsof -i :2673

# Or with ss (modern Linux)
sudo ss -tlnp | grep 2673

On Windows:

netstat -ano | findstr :2673

The process ID from these commands can then be cross-referenced in your process manager to identify what's running.

পূর্ববর্তী

Port 2672: nhserver — A Registered Ghost

পরবর্তী

Port 2674: ewnn — A Registered Name That Explains Nothing

এই পৃষ্ঠাটি কি সহায়ক ছিল?

😔
🤨
😃