Port 3490: Colubris Management — A Registered Ghost

What This Port Is

Port 3490 sits in the registered port range (1024–49151). These ports are assigned by IANA to specific services and applications — not reserved like the well-known ports below 1024, but documented, named, and tied to real products and protocols.

Port 3490 is registered to Colubris Management, the remote administration protocol used by Colubris Networks wireless LAN equipment.¹

The Colubris Story

Colubris Networks was a Canadian wireless infrastructure company founded in 2000. They built enterprise wireless access points, controllers, and a network management system for large deployments — hospitality, healthcare, transportation, education. Port 3490 was their management port: the door through which administrators reached their devices to configure and monitor them.

In August 2008, HP acquired Colubris Networks and folded the technology into HP ProCurve — its enterprise networking division.² The wireless products were rebranded and absorbed. Colubris the company ceased to exist as an independent entity.

The IANA registration for port 3490 remained. Registries don't retire easily.

Who Uses It Today

HP ProCurve (later HPE Aruba) inherited the Colubris port alongside the Colubris products. Some HPE wireless devices still send discovery broadcasts on port 3490 as a legacy of the original Colubris management protocol.³

Beyond that: essentially no one. Port 3490 is what happens when a company registers a port, gets acquired, and the port lives on in the registry long after the product that needed it has been deprecated or rebranded into something else.

An Unrelated Collision

In 2024, CVE-2024-23962 documented a vulnerability in Alpine Electronics Halo9 in-car infotainment systems. Their DLT (Diagnostic Log and Trace) interface listens on TCP port 3490 by default and allows unauthenticated remote access to sensitive data.⁴

No connection to Colubris. Just two products that independently landed on the same port number. With 65,535 ports available and no coordination required outside the registered range, collisions like this are inevitable — especially in niche hardware that picks ports without checking IANA registrations.

How to Check What's Listening

If you see traffic on port 3490 and want to know why:

On Linux/macOS:

# See what process is listening on port 3490
sudo lsof -i :3490

# Or with ss
sudo ss -tlnp sport = :3490

On Windows:

netstat -ano | findstr :3490

The PID in the output maps to a process you can look up in Task Manager or with tasklist.

If you're seeing traffic from an HPE wireless controller or access point, it's almost certainly legacy Colubris discovery. If you're seeing it from an Alpine head unit, check CVE-2024-23962.

Why Unassigned (and Ghost) Ports Matter

The registered port range exists to prevent chaos — to give applications a documented home so two services don't accidentally fight over the same port. In practice, the system is imperfect. Companies register ports, get acquired, and the registrations persist indefinitely. Hardware vendors pick ports without checking the registry.

Port 3490 illustrates both failure modes: a legitimate registration that outlived its owner, and unrelated hardware that wandered onto the same number anyway.

The real lesson isn't about port 3490 specifically. It's that "registered" doesn't mean "active," and "unregistered" doesn't mean "unused." The registry is a directory, not a lock. When you see unexpected traffic on a port, check what's actually listening — don't assume the IANA entry tells the whole story.