What Port 1906 Is
Port 1906 sits in the registered port range (1024-49151). These ports are assigned by IANA upon application — they aren't reserved by default like the well-known ports below 1024, but they're not random either. Something owns them, at least on paper.
Port 1906's official owner is tpmd, described as "TPortMapperReq." The registration exists. Documentation beyond that is nearly absent — no RFC, no active open-source implementation anyone can point to, no community of users discussing it. IANA assigned it a name, and the name went quiet.
The Honest Story
When something this obscure has a reputation at all, it's usually not a good one.
Port 1906 is associated with Backdoor.Verify, a trojan that opens TCP ports 1906 and 1907 together to enable remote access to a compromised machine. More capable variants (Backdoor.Win32.Verify.h) allow unauthenticated remote command execution — meaning anyone who finds the open port can send commands to the infected host without so much as a password.1
This doesn't mean every machine with port 1906 open is infected. Some application could be using it for something entirely legitimate. But the absence of any known common legitimate use means the calculus tilts toward suspicion.
How to Check What's Listening
If you spot port 1906 open on a host and want to know what's using it:
On Linux/macOS:
On Windows:
The process ID in the output can then be cross-referenced with Task Manager or tasklist to identify the owning process.
Why Unassigned and Obscure Ports Matter
The registered port space contains thousands of ports like 1906 — officially named, practically unused, occasionally occupied by something that has no business being there. This is one reason security audits include port scanning: an open port you can't explain is a question that deserves an answer.
The port system works best when every open port corresponds to a known, expected service. When it doesn't, that's signal.
Frequently Asked Questions
क्या यह पृष्ठ सहायक था?