Port 2006 sits in the registered port range (1024-49151). These ports are not reserved for operating system use, but they are registered with IANA — the Internet Assigned Numbers Authority — meaning someone formally claimed them for a specific purpose.
The key word is claimed. Claiming a port is easy. Building something lasting is harder.
What's Registered Here
IANA's records show two assignments for port 20061:
- TCP: invokator — a service name that appears in port databases but has almost no surviving documentation about what it actually did or who built it
- UDP: raid-cd — part of a cluster of RAID-related service registrations in the 2006-2015 range, alongside names like raid-am, raid-ac, raid-sf, and raid-cs
The RAID cluster is worth noting: these weren't disk RAID arrays. They appear to have been application-level services using "RAID" as an acronym for something else entirely — but the original documentation is gone, and what remains are just names in a registry.2
"Invokator" is even more opaque. It sounds like it was meant to invoke remote processes of some kind. Nobody seems to know. It's a digital fossil — a name without a body.
Security: One Known Bad Actor
Port 2006 has been documented as a communication channel for W32.Jalabed, a Windows worm.3 Like many worms, it used an unguarded registered port to establish persistence and communicate. If you see unexpected traffic on port 2006, that's worth investigating — not because the port is inherently dangerous, but because it's quiet enough that traffic there is unusual.
What's Actually Listening on Your System
The way to find out what's using any port is to ask the OS directly:
macOS / Linux:
Windows:
If nothing is listening, the port is closed. If something is, you'll get the process name and PID. Look that up before deciding whether to worry.
Why Unassigned-in-Practice Ports Matter
The registered port range contains tens of thousands of entries. Many were claimed years or decades ago by projects that stalled, companies that folded, or protocols that never gained adoption. They remain in the registry, technically assigned, practically inert.
This matters for a few reasons:
- Security scanners will flag open registered ports as potentially significant, even if what's listening is benign custom software
- Firewall rules often block unfamiliar registered ports by default, which means legitimate custom applications on these ports can get silently dropped
- Malware exploits this ambiguity — using registered-but-obscure ports to blend in, counting on administrators to assume something official is supposed to be there
Port 2006 is a useful reminder that the port registry is a snapshot of intentions, not a map of what's actually running on the Internet.
Frequently Asked Questions
Hasznos volt ez az oldal?