What Port 2772 Is
Port 2772 sits in the registered ports range (1024–49151), the middle tier of the port numbering system. Below 1024 are the well-known ports — HTTP, HTTPS, SSH — reserved for foundational protocols. Above 49151 are the ephemeral ports, grabbed temporarily for outgoing connections. The registered range is where services claim a home port with IANA, the organization that keeps the global ledger.
IANA lists port 2772 as assigned to a service called "auris" on both TCP and UDP.1 Auris is Latin for ear. What this service actually does, who registered it, or whether anything actively uses it — that's harder to find. The registration exists. The ecosystem around it doesn't seem to.
The Port's Real Life: AWS AppConfig Agent
The most significant actual use of port 2772 has nothing to do with "auris." It's the default listening port for the AWS AppConfig Agent.2
AWS AppConfig is Amazon's service for managing application configuration and feature flags — the kind of values you want to change without redeploying code. The problem with fetching configuration from a remote service is that every call adds latency, every outage is your outage, and every burst of requests costs money.
The AppConfig Agent solves this with a pattern called a sidecar: a small background process that runs alongside your application and handles the complexity so your code doesn't have to.
Here's how it works:
- The agent starts and registers with AWS AppConfig
- It polls for configuration updates on its own schedule
- It caches the current configuration in memory
- Your application fetches configuration by calling
http://localhost:2772— never AWS directly
Or for a specific flag:
The application never has to manage AWS credentials for this call, never has to implement retry logic, never has to worry about what happens if AWS has a momentary hiccup. The agent handles all of it. The application just asks localhost.
This pattern runs across EC2, ECS, EKS, Lambda, and on-premises deployments.3 Port 2772 is configurable — if something else is already using it, you can change it — but 2772 is the default, and most AWS documentation assumes it.
Historical Security Note
Port 2772 has an old association with Sub7 (SubSeven), a remote access trojan that was prominent around 1999–2001. Sub7 was configurable and could use various ports; 2772 appeared in some of its configurations.4 This is historical. If you see port 2772 open on a machine that isn't running an AppConfig agent, it's worth investigating — not because Sub7 is a current threat, but because any unexpected open port deserves a look.
How to Check What's Listening
On Linux or macOS:
On Windows:
If you see aws-appconfig-agent in the output, that's expected. If you see something you don't recognize, investigate before dismissing it.
Why Unassigned (or Ambiguously Assigned) Ports Matter
The registered port range contains thousands of entries like "auris" — names attached to port numbers with no active ecosystem behind them. This matters for a practical reason: software authors pick ports too, sometimes without checking the registry, and sometimes because the registry entry is dormant and the port is effectively free.
Port 2772 is a good example. AWS picked it for the AppConfig Agent's default. The IANA "auris" registration exists but doesn't appear to conflict with anything in practice. The port is now effectively known for one thing: local configuration caching.
The lesson for anyone designing networked software: check the registry before you pick a port, check what's actually in use after that, and treat your choice as a default the operator can override.
Related Ports
- 2771 — unassigned
- 2773 — KnowShowGo P2P (registered); sometimes listed alongside 2772 in older port surveys
- 27374 — Sub7's primary default port (the one most associated with the trojan)
Frequently Asked Questions
Apakah halaman ini membantu?