Port 3637: scservp — A Ghost Registration

Port 3637 sits in the registered port range — officially claimed, practically abandoned.

The Official Story

In November 2002, port 3637 was registered with IANA under the service name scservp, described as "Customer Service Port." It was registered by Jonathan A. Zdziarski for both TCP and UDP. ¹

What "Customer Service Port" actually meant — what software it was built for, what protocol it spoke — is lost to time. The registration exists in the IANA database, but no widely deployed software ever used it under that name. It's a placeholder that never became a product.

Jonathan Zdziarski himself went on to a very different kind of fame: he became one of the foremost researchers in iOS forensics, testified before Congress about iPhone security, and later joined Apple's security team. Port 3637 is an early-career footnote he likely hasn't thought about in two decades. ²

The Unofficial Use

Port 3637 also appears in security databases as associated with F-Prot Antivirus Update Status Monitor — a component of F-Prot, an Icelandic antivirus product that was once a respected name in endpoint security. F-Prot's update mechanism reportedly used this port to check and report update status on Windows installations. ³

F-Prot for Windows is no longer actively developed. The software is effectively defunct. If you see port 3637 active on a modern machine, it isn't F-Prot.

What Range This Port Belongs To

Port 3637 is a registered port — the range from 1024 to 49151, maintained by IANA. ¹

Registered ports sit between the well-known ports (0–1023, reserved for foundational protocols like HTTP, DNS, and SSH) and the ephemeral ports (49152–65535, used temporarily by operating systems for outbound connections).

Being "registered" means an organization or individual filed a claim with IANA. It does not mean the service is widely used, currently active, or even real. The registered range contains thousands of ports like 3637 — claimed once, then quietly forgotten.

What's Actually Listening Here

On most systems, nothing. If you want to check:

macOS / Linux:

# Show what process is listening on port 3637
sudo lsof -i :3637

# Or with ss (Linux)
ss -tlnp | grep 3637

Windows:

netstat -ano | findstr :3637

If something shows up unexpectedly, cross-reference the process ID with Task Manager or ps aux. A registered port with a dormant official use is an easy hiding spot.

Why Unassigned and Ghost Ports Matter

The port space is finite: 65,535 ports total. The registered range alone spans 48,000+ ports. Most of them are like 3637 — claimed or informal, never widely implemented.

This matters for security: unassigned and ghost ports are exactly where informal services, internal tools, and occasionally malware set up shop. They fly under the radar because no one expects traffic there. A port scanner that finds activity on 3637 should prompt the same question as any other unexpected open port: what is this, and does it belong here?