Port 2120: QENCP — A Registered Ghost

Port 2120 belongs to the registered port range (1024–49151). These ports are allocated by IANA to specific services and applications — anything from database servers to media streaming protocols to proprietary vendor tools. Unlike the well-known ports below 1024, registered ports don't require elevated privileges to use, which makes them attractive to application developers who need a stable, named address.

Port 2120 is technically registered. IANA lists it as QENCP — Quick Eagle Networks CP, a control protocol for Quick Eagle Networks, a company that made WAN access devices for frame relay and IP networks.¹ The assignment covers both TCP and UDP. The company is effectively gone. The protocol is undocumented in any public RFC or specification. Nobody uses this port for QENCP anymore.

Some security databases also list port 2120 in connection with a remote kauth service — an authentication delegation mechanism — though this appears to be informal observation rather than an official assignment, and it's not widely implemented.²

What This Port Is in Practice

Vacant. Unless you've deliberately deployed something here, port 2120 on your system is almost certainly closed.

If it is open, that's worth investigating. A registered-but-dormant port makes a convenient hiding spot for software that wants to look legitimate — the port has a name in the registry, which can lend false authority.

How to Check What's Listening

On Linux or macOS:

ss -tlnp | grep 2120
# or
lsof -i :2120

On Windows:

netstat -ano | findstr :2120

If something shows up, find the process ID, then look up what process owns it:

# Linux/macOS — replace PID with the number from the output above
ps aux | grep <PID>

# Windows
tasklist | findstr <PID>

Why Ghost Registrations Matter

The IANA registry contains thousands of ports registered to companies, projects, and protocols that no longer exist. These aren't freed and reassigned — they sit, technically occupied, practically empty.

This matters for two reasons. First, it creates ambiguity: if you're trying to understand why a port appears "registered" in your scanning tool, the answer might be a defunct WAN vendor from the early 2000s. Second, the practical vacancy means any software can use port 2120 for anything, and it often does.

The registered port range was designed to bring order to application networking. The ghost registrations are a reminder that systems built by humans accumulate history, and history doesn't clean up after itself.