Port 145 is assigned. That much is certain. The IANA Service Name and Transport Protocol Port Number Registry lists it under both TCP and UDP for something called the "UAAC Protocol."[1] The contact is David A. Gomberg at MITRE. The email address bounces. And that is where the trail goes cold.
What Is the UAAC Protocol?
Nobody knows.
This is not an exaggeration or rhetorical device. In 2002, security researcher Suzy Clarke at Cap Gemini Ernst & Young tried to answer this exact question. She searched every RFC. She searched Google. She contacted IANA, who referred her to David Gomberg at MITRE. His email, gomberg@gateway.mitre.org, was dead. She contacted Ryan Russell at SecurityFocus, one of the foremost security researchers of the era. He didn't know either.[2]
The UAAC Protocol is one of the most enigmatic entries in the entire IANA port registry. It occupies a well-known port (0 through 1023), the range reserved for established, important services assigned through IETF Review or IESG Approval.[3] Ports in this range include HTTP (80), HTTPS (443), SSH (22), and DNS (53). Port 145 sits among them, officially registered, completely unexplained.
Cisco's NBAR2 (Network-Based Application Recognition) system recognizes UAAC as a classifiable protocol.[4] FreeBSD includes it in /etc/services by default. But recognition is not the same as understanding. The networking infrastructure of the world acknowledges port 145 exists without anyone being able to say what it was supposed to do.
The Worm That Found an Empty Room
In 2001, the XC telnetd worm appeared. It exploited vulnerabilities in BSD-based telnet daemons, and among its payloads, it installed a rootshell backdoor on TCP port 145.[2]
This was not a coincidence. Worm authors choose their backdoor ports carefully. An unassigned or obscure port is less likely to be monitored, less likely to trigger alarms, less likely to conflict with legitimate services. Port 145 was perfect: officially claimed, so it appeared in service files and looked semi-legitimate, but completely unused, so nothing would collide with the backdoor.
The worm found a port that had been reserved and abandoned, a room with a nameplate on the door but no one inside. It moved in.
The Well-Known Range
Port 145 sits in the well-known port range (0 through 1023). These ports are special. On Unix-like systems, binding to a port below 1024 historically required root privileges. This was a security measure: you could trust that the service on port 80 was started by someone with administrative access to the machine, not a random user running a rogue process.
IANA assigns these ports through formal review processes. Getting a well-known port is not trivial. Someone at MITRE, at some point in the early history of the Internet, went through the process of reserving port 145 for the UAAC Protocol. The reservation was granted. And then the purpose was lost.
Port 145's neighbors tell you the company it keeps:
| Port | Service | Status |
|---|---|---|
| 143 | IMAP | Active, widely used |
| 144 | UMA (Universal Management Architecture) | Obscure |
| 145 | UAAC Protocol | Unknown purpose |
| 146 | ISO-TP0 | Obscure |
| 147 | ISO-IP | Obscure |
How to Check What Is Listening on Port 145
Because port 145 has no legitimate modern use, anything listening on it deserves investigation.
Linux:
macOS:
Windows:
If something is bound to port 145 and you did not put it there, treat it as suspicious. Given the port's history with the XC worm, an unexplained listener on 145 warrants immediate investigation.
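For the Linux case, the following is an added example, not a command from the original page: it filters `ss -H -tulnp` output for an exact port match, because a plain text search for `:145` also hits ports such as 1145 and 1450. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Read `ss -H -tulnp` lines on stdin and print protocol, local address and
# owning process for sockets whose local port is exactly $1.
# With both -t and -u, ss prints a Netid column, so field 5 is
# "Local Address:Port". The port is the text after the LAST colon, which
# also handles IPv6 forms such as [::]:145.
listeners_on_port() {
    awk -v port="$1" '
        {
            n = split($5, parts, ":")
            if (parts[n] == port)
                print $1, $5, ($7 == "" ? "-" : $7)
        }'
}

# Live check on a Linux host. Run as root so the process column is filled in
# for sockets owned by other users; without it the owner shows as "-".
check_port_live() {
    ss -H -tulnp | listeners_on_port "${1:-145}"
}

# Constructed sample of `ss -H -tulnp` output, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=811,fd=3))
tcp   LISTEN 0      5            0.0.0.0:145        0.0.0.0:*     users:(("sh",pid=4242,fd=4))
tcp   LISTEN 0      128        127.0.0.1:1145       0.0.0.0:*     users:(("app",pid=900,fd=7))
udp   UNCONN 0      0               [::]:145           [::]:*
tcp   LISTEN 0      128          0.0.0.0:1450       0.0.0.0:*     users:(("svc",pid=901,fd=5))
EOF
}

# Only touch the live system when asked to: sh check145.sh --live
if [ "${1:-}" = "--live" ]; then
    check_port_live 145
fi
```

An empty result from `check_port_live` means nothing is listening on TCP or UDP 145; any line it prints names the process to investigate.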
Why Ghost Ports Matter
The IANA registry contains 1,024 well-known ports. Not all of them are in active use. Some, like port 145, were reserved decades ago for protocols that never gained traction, were never publicly documented, or were simply forgotten.
These ghost ports create a specific kind of risk. They appear in service definition files across operating systems, lending them an air of legitimacy. They occupy the privileged range, suggesting importance. But because no real traffic is expected on them, they make ideal hiding places for malware, backdoors, and covert channels.
Port 145 is a reminder that the port registry is a human artifact. People reserve things and leave. Organizations change. Email addresses stop working. And the Internet carries forward the decisions of people it can no longer reach.