Port 891 sits in the well-known ports range (0-1023), the space reserved for the Internet's most fundamental services. But according to IANA, port 891 has no official assignment. It's empty space on the official map.
Except it isn't really empty.
What "Unassigned" Means
The well-known ports range is managed by IANA through a rigorous review process. Ports in this range are supposed to be assigned to specific services through IETF Review or IESG Approval. Port 891 never received that blessing.
But "unassigned" doesn't mean "unused." It means no one officially claimed it. And in that gap between official registry and network reality, port 891 has lived several lives.
The Apple Years
Apple used port 891 for ipcserver, a service that handled RPC (Remote Procedure Call) operations on Mac OS X systems.1 NetInfo, Apple's directory service that stored system configuration and user accounts, relied on ports in the 600-1023 range for its RPC infrastructure.
NetInfo is long deprecated—modern macOS uses other directory services. But for years, port 891 carried the traffic that let Mac systems share configuration data and manage accounts across networks.
Apple never officially registered it with IANA. They just used it.
The Malware Chapter
Port 891 also appears in malware databases. Trojan-Dropper.Win32.Hamer.10 used port 891 in conjunction with port 890.2 The attack pattern was simple: send a packet to port 890, which triggered the malware to open port 891. Then send junk data to port 891, causing a floating-point exception that crashed the trojan.
The vulnerability was documented not because port 891 was special, but because malware authors needed a port and found an unassigned one.
Why Unassigned Ports Matter
The port number system has three ranges:
- Well-known ports (0-1023): Assigned by IANA, require elevated privileges to bind
- Registered ports (1024-49151): Assigned by IANA upon request, user-level access
- Dynamic/ephemeral ports (49152-65535): Never assigned, used for temporary connections
Port 891 is in the well-known range but lacks an assignment. This creates an odd situation: it requires root/administrator privileges to use, but has no official purpose. Software vendors sometimes claim these gaps for their own services, betting that IANA won't assign them later.
Sometimes that bet pays off. Sometimes it creates conflicts when two different applications both decide to use the same "empty" port.
What's Listening on Port 891?
On most modern systems, probably nothing. But you can check:
Linux/Mac:
Windows:
If something responds, you've found software living in the gap.
The Honest Truth
Port 891 is officially unassigned. That's what IANA says. But networks don't always follow official documentation. They follow what software actually does. And port 891 has been used—by Apple, by malware, probably by other software that never bothered to register.
This is the reality of port numbers: the official registry is a map, but the territory doesn't always match. Port 891 exists in that difference.
Frequently Asked Questions About Port 891
Was deze pagina nuttig?