Port 1761: The Ghost Assignment

Port 1761 sits in the registered ports range (1024–49151). These ports are tracked by IANA and require organizations to submit a registration request — but registration doesn't mean active use, public documentation, or any real accountability for what ends up listening there.

IANA lists port 1761 as assigned to cft-0 on both TCP and UDP. What is cft-0? Nobody seems to know. There's no RFC, no public specification, no vendor that claims it. The name exists in the registry. The documentation doesn't.

What Actually Used This Port

While cft-0 remained a ghost, port 1761 became associated with a generation of enterprise remote control software:

Novell ZENworks Remote Control used port 1761 for administrative sessions. When an IT administrator initiated a remote control session through the ZENworks management console, the console connected to port 1761 on the target machine. The client device ran a ZENworks agent that listened on this port, accepting connections and transmitting live screen data, keyboard input, and mouse movements back to the administrator. It was, in essence, a window into your desktop — opened by someone else, from across the building or across the campus.

Microsoft Systems Management Server (SMS) also used port 1761 for remote management functions including rights verification, remote reboot, and remote execution.

The Security Problem

Port 1761 carries a warning in security databases. Novell ZENworks Desktop Management had documented heap-based buffer overflow vulnerabilities that attackers could exploit via specially-crafted packets sent to this port. An unpatched system with port 1761 open could be compromised for remote code execution with SYSTEM privileges — the highest level of access on a Windows machine.

The remote control tools on this port also transmitted session data unencrypted by default, making them appropriate only for internal, trusted networks.

How to Check What's Listening

If you see port 1761 active on a system, here's how to investigate:

On Linux/macOS:

# Show what process is listening on port 1761
ss -tlnp | grep 1761
# or
lsof -i :1761

On Windows:

# Show listening ports with process IDs
netstat -ano | findstr :1761

# Then look up the PID
tasklist | findstr <PID>

If you find something listening on 1761 and you're not running ZENworks or legacy Microsoft SMS infrastructure, it's worth investigating. Legitimate modern software rarely uses this port.

Why Unassigned and Ghost Ports Matter

The registered ports range exists to reduce collisions — so two applications don't accidentally pick the same port and interfere with each other. But registration is imperfect. Ports get assigned to services that never shipped, or to internal codenames that were never documented publicly.

Port 1761 is a small example of how the port registry works in practice: official names that mean nothing, real uses that accumulate anyway, and security implications that outlast the software that created them.

• Port 1761 (tcp/udp) :: SpeedGuide
• Port 1761 — ZENworks Remote Control :: WhatPortIs
• EventTracker KB — Port 1761, ms-sms
• IANA Service Name and Transport Protocol Port Number Registry