Port 2667: Registered, Unassigned — Vacancy in the Middle Range

What Range This Port Belongs To

Port 2667 falls in the registered ports range (1024–49151), sometimes called the "user ports" range. These ports are managed by IANA, which maintains a registry of service-to-port assignments to prevent conflicts.

The registered range sits between two better-defined zones:

• Well-known ports (0–1023): Reserved for core Internet services — HTTP, HTTPS, SSH, DNS, SMTP. These require elevated privileges to bind on most operating systems.
• Registered ports (1024–49151): Where applications register with IANA to claim a port number. Registration doesn't require approval, just submission. Many registered ports are active and widely used (PostgreSQL on 5432, Redis on 6379). Others were registered and abandoned.
• Dynamic/ephemeral ports (49152–65535): Assigned temporarily by the OS for outbound connections. Not registered.

Port 2667's Status

IANA's current registry lists no active service for port 2667. Some third-party port databases include a historical association with "alarm-clock-s" (Alarm Clock Server), but this designation never corresponded to widely deployed software. It's a ghost — a name without a protocol, a registration without an ecosystem.

Security History

Port 2667 has been flagged in security databases as a port historically used by malware for command-and-control communication. Unassigned registered ports are attractive to malware authors precisely because there's no legitimate traffic baseline — outbound connections to an unassigned port are harder to explain away as normal application behavior.

If you see unexpected traffic on port 2667, treat it seriously.

How to Check What's Listening on This Port

Linux/macOS:

# Show what process is bound to port 2667
ss -tlnp | grep 2667

# Or with lsof
lsof -i :2667

Windows:

netstat -ano | findstr :2667

Then match the PID to a process:

tasklist | findstr <PID>

If something is listening on port 2667 and you don't recognize it, that warrants investigation.

Why Unassigned Ports Matter

The port registry exists to create a shared vocabulary. When port 443 means HTTPS on every machine on the Internet, firewalls can make sensible default decisions, network monitoring tools know what "normal" looks like, and administrators know what to expect.

Unassigned ports break that vocabulary. They're not inherently dangerous — every custom application needs a port, and most developers pick something in the registered range. But they require more scrutiny. There's no RFC to check, no default behavior to expect. What's on port 2667 depends entirely on what's running on the specific machine you're looking at.