Port 1207 sits in the registered ports range (1024-49151), officially assigned to a service called "metasage." But if you go looking for information about what MetaSage actually is, you'll find almost nothing. No RFC. No documentation. No widely-used software that anyone remembers. Just a name in the IANA registry and a port number.1
This is the reality of thousands of registered ports—someone applied for them decades ago, IANA granted the assignment, and then the service either never took off or faded into obscurity. The port number remains, a bureaucratic artifact of something that might never have mattered.
The Dual Life of Port 1207
What makes port 1207 interesting isn't its official assignment. It's what actually happens on this port in the real world.
The trojan: In the late 1990s, a remote access trojan called SoftWAR used port 1207 to communicate. SoftWAR was a keylogger that worked on Windows 95 and Windows 98, with versions in English and French. It's ancient history now—Windows 98 is decades dead—but port 1207 still appears in security databases as a "suspicious port" because of this association.2
The random choice: Microsoft Exchange servers, when not configured for static ports, sometimes choose port 1207 randomly to communicate with Outlook clients. This is perfectly legitimate traffic. It has nothing to do with MetaSage (whatever that was) or SoftWAR. It's just a server picking a high port that happens to be available.3
The same port number. Two completely different stories.
What the Registered Range Means
Port 1207 belongs to the registered ports range (1024-49151). These ports are assigned by IANA to specific services upon request, but they're not protected the way well-known ports (0-1023) are. Any application can listen on port 1207 if nothing else is using it.
This is different from the dynamic/ephemeral range (49152-65535), where ports are specifically reserved for temporary use by client applications. Registered ports have names and official assignments, even if those assignments are functionally meaningless.
The registered range is full of ports like 1207—officially assigned to services that never became important, while being used unofficially by everything from legitimate enterprise software to malware.
How to Check What's Listening
If you want to know what's actually using port 1207 on your system:
On Linux or macOS:
On Windows:
You might find nothing. You might find Exchange. You might find something unexpected. The port assignment doesn't tell you—you have to look.
Why Unassigned Ports Matter
Port 1207 isn't unassigned—it's registered to MetaSage. But it's functionally unassigned because almost nothing uses it for its intended purpose.
These ports matter because they show how the Internet actually works versus how it was designed to work. The port registry was supposed to bring order—every service gets a number, everyone knows what traffic is what. But in practice, applications use whatever ports they want, administrators configure whatever works, and the official assignments become historical artifacts.
Port 1207 is registered to something no one remembers. It's been used by a trojan no one's seen in 20 years. It's sometimes used by Exchange servers that don't care about the official assignment. And most of the time, it's probably not used at all.
That's the real story of most ports in the registered range.
War diese Seite hilfreich?