Port 672: VPPS-QUA — The NetInfo Ghost

Port 672 is a monument to obsolescence. It's officially registered to VPPS-QUA, a protocol that served Apple's NetInfo directory service. NetInfo managed network information on Mac OS X systems—user accounts, email configurations, network filesystems, printers. It was Apple's own directory service, built for the early days of Mac OS X.

NetInfo was removed from Mac OS X in 2005¹. Port 672 has been registered to a dead service for nearly twenty years.

What VPPS-QUA Was

VPPS-QUA (the name likely stands for "Virtual Protocol Ports Service - Quality Assurance," though no official documentation confirms this) ran on both TCP and UDP port 672². It was part of Mac OS X's RPC-based services infrastructure, used by NetInfo to communicate across networks.

NetInfo itself was a hierarchical distributed database that stored administrative data—everything from user credentials to printer configurations to network mounts³. It was Apple's answer to directory services when Mac OS X launched in 2000.

Users and administrators hated it.

The Death of NetInfo

NetInfo was not popular. It was proprietary, unfamiliar, and incompatible with the LDAP-based directory services that had become the industry standard. Apple began migrating away from NetInfo almost immediately after releasing it.

The replacement was Open Directory, which appeared in Mac OS X Server 10.2 Jaguar in 2002⁴. Open Directory was standards-based, LDAP-compatible, and actually worked the way network administrators expected. By Mac OS X 10.5 Leopard (released in 2007), NetInfo was completely gone—subsumed by Open Directory on both client and server systems⁴.

Port 672 was left behind. The IANA registration remains. The protocol name is still listed. But nothing listens there anymore.

Why Port 672 Still Matters

Port 672 is a reminder that the Internet's port registry is not just a list of active services—it's a historical record. Protocols are born, serve their purpose, and die. But their port numbers remain, like gravestones marking what once ran there.

If you scan port 672 on a modern Mac, you'll find nothing. The service is gone. Open Directory uses different ports (LDAP on 389, Kerberos on 88, others)⁵. Port 672 is silent.

But the registration persists because IANA doesn't delete assignments lightly. Port numbers are a finite resource in the well-known range (0-1023), and once assigned, they're rarely reclaimed. Port 672 sits there, officially reserved for a protocol that no longer exists, unavailable for reassignment even though nothing uses it.

Security Implications

If you find port 672 open on a modern system, something is wrong. Either:

• An extremely old Mac OS X system (pre-10.5) is still running NetInfo—which would be a severe security risk given that OS hasn't received patches in over fifteen years
• Malware is masquerading as a legacy service, using an abandoned port specifically because administrators might not notice traffic there
• A misconfigured service has accidentally bound to port 672

In any case, port 672 should not be open on contemporary networks.

How to Check Port 672

On macOS or Linux:

# See if anything is listening on port 672
sudo lsof -i :672

# Or using netstat
netstat -an | grep 672

On Windows:

netstat -an | findstr :672

If anything is listening on port 672 in 2026, investigate immediately.

The Well-Known Port Range

Port 672 sits in the well-known ports range (0-1023), which is assigned by IANA for standardized services. These ports require root/administrator privileges to bind to on Unix-like systems, which was meant to prevent unauthorized services from impersonating trusted protocols.

But VPPS-QUA demonstrates the problem with this model: once a well-known port is assigned, it's effectively locked forever, even when the service dies. Port 672 is unusable for any new protocol because it's still officially registered to VPPS-QUA. It's reserved space for a ghost.