Port 1472 lives in the registered port range (1024-49151) and was designated for remote administration of Novell NetWare servers. If you've never heard of NetWare, you're not alone—but in the 1990s, it was everywhere.
What NetWare Was
Novell NetWare was a network operating system that dominated corporate networks from the mid-1980s through the late 1990s. Before Windows Server became ubiquitous, NetWare was how offices shared files and printers. The first NetWare product appeared in 1983, running on Novell's proprietary hardware.1
Port 1472 was part of that ecosystem—a specific channel for remote administration tasks that let network administrators manage servers without sitting at the console.
What Happened to It
NetWare didn't die suddenly. It faded. As TCP/IP became the universal protocol and Windows Server gained ground, NetWare's proprietary IPX/SPX protocol stack became a liability. Novell added TCP/IP support in NetWare 5.0 in 1998, but by then the momentum had shifted.2
Today, you're unlikely to encounter port 1472 being used for its original purpose. Most NetWare installations have been migrated or decommissioned. The port remains in the IANA registry, a fossil from another era of networking.
The Security Problem
Abandoned ports attract opportunists. Because port 1472 is rarely monitored and almost never used legitimately anymore, it has been exploited by malware looking for quiet communication channels. Security databases flag it as having been used by trojans in the past—not because the port itself is malicious, but because malware authors know it's typically unwatched.3
If you see traffic on port 1472 today, it's worth investigating. It's probably not NetWare.
The Registered Port Range
Port 1472 belongs to the registered port range (1024-49151). These ports are assigned by IANA for specific services, but the assignment doesn't prevent other software from using them. Anyone can write a program that listens on port 1472—the registration is more about documentation than enforcement.
The well-known ports (0-1023) require root privileges to bind to on Unix systems, offering some protection. Registered ports like 1472 don't have that restriction. They're available to any process that wants them.
How to Check What's Using Port 1472
On Linux or macOS:
On Windows:
If something is listening, you'll see the process ID. From there you can determine whether it's legitimate or worth investigating further.
Why Unassigned and Forgotten Ports Matter
The Internet runs on 65,535 possible ports per protocol (TCP and UDP). Most of them are empty at any given moment. But the ones that are registered and then abandoned—like 1472—create a peculiar vulnerability.
They're documented, so attackers know they exist. They're unused, so defenders aren't watching them. They're part of the official registry, so traffic on them doesn't immediately look suspicious.
Port 1472 is a reminder that the Internet carries its history with it. Protocols fade, companies disappear, network operating systems become obsolete—but the port numbers remain, waiting in the registry, occasionally repurposed by software that has nothing to do with their original intent.
Related Ports
- Port 524 - NetWare Core Protocol over TCP/IP (introduced in NetWare 5.0)2
- Port 213 - IPX protocol used by earlier NetWare versions
- Ports 1024-49151 - The full registered port range where 1472 resides
Cette page vous a-t-elle été utile ?