What This Port Is
Port 2140 sits in the registered port range (1024–49151). These ports are managed by the Internet Assigned Numbers Authority (IANA), which maintains a registry of which services use which port numbers. The registered range is where most well-known application protocols live — databases, messaging systems, custom enterprise software.
IANA has assigned port 2140 the service name ias-reg, listed for both TCP and UDP.1 That's the entirety of the official record. There is no RFC describing the protocol. No documentation explaining what "IAS-REG" stands for or what it does. The assignment exists, but it's an empty room.
What It's Actually Used For
In practice, port 2140 has a reputation that has nothing to do with whatever "ias-reg" was supposed to be.
Security databases flag it as a historic address for Remote Access Trojans (RATs), including Deep Throat, Foreplay, and The Invasor — malware from the late 1990s and early 2000s that used this port for command-and-control communication.2 These threats are long obsolete, but the association stuck.
Today, if port 2140 appears open on a system, it's almost certainly a custom application, development service, or misconfiguration — not "ias-reg," and hopefully not malware.
How to Check What's Listening
If you see traffic on port 2140 and want to know what's using it:
On Linux/macOS:
On Windows:
The process ID will tell you exactly what program opened the port.
Why Unassigned-in-Practice Ports Matter
The IANA registry was designed to prevent conflicts — if everyone knows port 25 is SMTP, nobody else uses port 25. But registration without documentation creates its own problem: a port with a name but no spec is effectively unclaimed in practice, even if it's technically "assigned."
Port 2140 is a small example of this. The registry says it belongs to something. Nobody knows what. The rest of the Internet treats it as open territory.
For network operators, this is worth knowing: "registered" does not mean "documented," and "unassigned" does not always mean "unused." When auditing firewall rules or investigating unexpected traffic, always check what's actually listening — the IANA label is a starting point, not an answer.
Czy ta strona była pomocna?