What Port 1879 Is
Port 1879 sits in the registered port range (1024-49151). These ports are allocated by IANA to specific services and applications, unlike the well-known ports below 1024 (which are reserved for fundamental protocols like HTTP, SSH, and DNS) or the ephemeral ports above 49151 (which operating systems assign dynamically to outgoing connections).
IANA lists port 1879 as assigned to NettGain NMS (Network Management System) on both TCP and UDP, with Dr. Yair Shapira listed as the assignee and contact.1 Beyond that registration, NettGain NMS has essentially no presence on the modern Internet. No documentation. No product pages. No community. The port number survived the product.
This is not unusual. The registered port range contains hundreds of allocations for products and companies that no longer exist. IANA registrations don't expire.
The Security History
Port 1879 has one notable entry in security records: W32.Zori.B, a worm documented by Symantec in 2005. The malware spread through network shares, deleted files, and opened a backdoor on port 1879/TCP to receive remote commands from an attacker.2
The port's obscurity was the point. Attackers sometimes choose unrecognized port numbers specifically because they don't trigger pattern-based alerts. A connection to port 80 is normal. A connection to port 1879 is invisible to anyone who isn't looking.
What's Likely on Port 1879 Today
Almost certainly nothing intentional. If you see traffic on port 1879, the realistic explanations are:
- A misconfigured or legacy application using a non-standard port
- Malware or a compromised system (historically associated with backdoors)
- A port scan hitting your system
- Dynamic assignment overlap (less common with registered ports, but possible)
How to Check What's Listening
On Linux/macOS:
On Windows:
If something is listening on this port and you didn't put it there, investigate before assuming it's benign.
Why Unassigned-in-Practice Ports Matter
The registered port range exists to prevent collisions — two applications fighting over the same port number. But registration requires only a name and a contact. There's no verification that the software ships, scales, or survives. The result is a port namespace littered with allocations for products that never shipped, companies that folded, and protocols no one ever implemented.
Port 1879 is a clean example: officially assigned, effectively orphaned, and notable primarily because a piece of 2005 malware chose it as a hiding spot. The lesson is that port numbers are not inherently meaningful. What matters is what's actually listening.
Cette page vous a-t-elle été utile ?