1. Ports
  2. Port 2986

Port 2986: STONEFALLS — A Name Without a Protocol

What This Port Is

Port 2986 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific services and applications — not claimed on a first-come basis like dynamic ports, but not as strictly controlled as the well-known ports below 1024.

IANA lists port 2986 as assigned to STONEFALLS, on both TCP and UDP. That's where the trail ends.

The Ghost in the Registry

STONEFALLS has no RFC. No documentation. No public codebase. No company that appears to have shipped a product under that name using this port. It's listed in IANA's registry the way a name gets carved in stone — but the building it was meant for was never built, or was torn down without anyone noticing.

This is not unusual. The registered ports range was populated over decades, and some registrations were made by companies that pivoted, dissolved, or simply never finished what they started. The name survives. The protocol doesn't.

If STONEFALLS ever ran on this port in production, it did so quietly enough that no monitoring data, forum post, or security report has recorded it.

What You'll Actually Find Here

If you see traffic on port 2986, it's almost certainly not STONEFALLS. It's more likely:

  • Custom application traffic from software that chose this port arbitrarily
  • A misconfigured service that ended up here by accident
  • A development or testing server
  • Malware that picked an obscure registered port to blend in

The last case is worth noting. Attackers sometimes favor ports with legitimate-sounding IANA names precisely because basic port scanners will report "STONEFALLS" and confuse investigators.

How to Check What's Actually Listening

# On Linux/macOS — show what process owns port 2986
sudo lsof -i :2986

# Or with ss (modern Linux)
sudo ss -tlnp sport = :2986

# On Windows
netstat -ano | findstr :2986
# Then match the PID:
tasklist | findstr <PID>

If something is listening on this port and you don't know what it is, the process name from these commands is your starting point.

Why Unassigned (and Abandoned) Ports Matter

The port registry is a public contract. When a port has a name, tools and administrators treat it with a degree of trust — it looks legitimate, it won't trigger immediate alarms. Ghost registrations like STONEFALLS create cover, intentionally or not.

The healthiest posture: treat any traffic on an unfamiliar port as unknown regardless of what IANA calls it. The name is a label. The process running behind it is the truth.

Vorherige

Port 2985: HPIDSAGENT — Registered, but Silent

Nächste

Port 2987: ResolveNet IDENTIFY — A Registered Ghost

War diese Seite hilfreich?

😔
🤨
😃
Port 2986: STONEFALLS — A Name Without a Protocol • Connected