Port 100 has no officially assigned service. It sits in the well-known port range, registered to nothing, serving no standard protocol. But it was not always so anonymous.
The Ghost Name
In RFC 1340 (1992) and RFC 1700 (1994), port 100 appears with a curious annotation1:
Two words in brackets that tell an entire story. Someone, somewhere, ran a service on port 100 that created new user accounts on a Unix system over the network. The IANA noticed. They did not assign the port. They wrote "unauthorized use" and moved on.
The name "newacct" is short for "new account." In the early days of Unix networking, before SSH, before centralized identity management, before anyone had fully internalized what it meant to expose system administration to the network, someone built a service that let remote users request new accounts on a machine. They put it on port 100.
The IANA's response was not to formalize it. It was to flag it. That flag, "unauthorized use," is one of the earliest recorded instances of the Internet's governing bodies looking at a service and saying: this should not exist2.
What It Means to Be Unassigned
Port 100 falls in the well-known port range (0-1023). These ports are controlled by IANA and, on most operating systems, require root or system-level privileges to bind to3. This restriction exists precisely because of services like the one that once lived on port 100: if anyone could open a listener on a low port, the trust model of the entire system breaks down.
Being unassigned in the well-known range is not the same as being unassigned in the registered range (1024-49151) or the ephemeral range (49152-65535). A well-known port with no assignment is a reserved seat that no one has claimed through proper channels. The IANA keeps it empty deliberately, not by oversight.
Security Considerations
Port 100 has been observed in malware communication channels, though it is not prominently associated with any specific trojan family4. The logic is straightforward: an unassigned well-known port is a useful hiding place. Legitimate services rarely listen on it, so traffic on port 100 is almost always worth investigating.
If you see something listening on port 100, be suspicious. There is no standard service that should be there.
Checking What Is Listening on Port 100
On Linux:
On macOS:
On Windows:
If any of these return results, identify the process. If you did not put it there, find out who did.
Why Unassigned Ports Matter
The port numbering system works because of trust. When you connect to port 80, you expect HTTP. When you connect to port 443, you expect HTTPS. This expectation is only meaningful because IANA maintains the registry and most implementations respect it.
Unassigned ports are the negative space in this system. They are the silence between the notes. Port 100 sits between port 99 (Metagram Relay, itself obscure) and port 101 (NIC Host Name Server, also rarely seen in the wild). This stretch of the well-known range is a quiet corridor, ports assigned to protocols that mattered briefly or never quite caught on.
Port 100's story is the smallest possible version of a lesson the Internet keeps relearning: not every door should be opened, and not every service should face the network.
Related Ports
| Port | Protocol | Relationship |
|---|---|---|
| 99 | Metagram Relay | Previous assigned port |
| 101 | NIC Host Name Server | Next assigned port |
| 23 | Telnet | Another early remote access protocol with security problems |
| 513 | rlogin | Remote login, similar era of trust-based networking |
Frequently Asked Questions
Was this page helpful?