1. Ports
  2. Port 190

Port 190: GACP — The Ghost Protocol

Port 190 sits in the well-known ports range, officially assigned by IANA to the Gateway Access Control Protocol (GACP). If you've never heard of GACP, you're not alone. This is a ghost protocol—standardized, documented, assigned an official port number, and then largely forgotten by the Internet.

What GACP Was Supposed to Do

The Gateway Access Control Protocol was designed for remote management and configuration of network gateways and routers. The protocol allowed administrators to:

  • Access and control network gateway devices remotely
  • Perform configuration tasks across the network
  • Monitor gateway status and performance
  • Establish authenticated login sessions on remote access servers

GACP works on both TCP and UDP over port 190. The choice between TCP and UDP depends on whether you need reliable delivery (TCP) or speed (UDP) for your gateway management operations.1

The Early Days Assignment

Port 190's assignment appears in RFC 1700 (October 1994) and its predecessor RFC 1340 (July 1992), the "Assigned Numbers" documents that served as the Internet's registry before IANA maintained living documents online.2 The contact listed in these early RFCs is C. Philip Wood, about whom little information survives in the modern Internet's memory.

This was the early 1990s, when the Internet was smaller, when new protocols seemed to emerge constantly, when standardization meant getting your protocol into an RFC and assigned a port number. Some of those protocols became foundational (HTTP on 80, SMTP on 25). Others, like GACP, faded into obscurity.

What Actually Uses Port 190

In practice, almost nothing uses port 190 for its intended purpose today. GACP never achieved widespread adoption. Modern network management evolved along different paths—SNMP (port 161), SSH (port 22), and proprietary management protocols won the battle for remote device administration.

What does show up on port 190 occasionally? Malware. Old trojans and viruses have historically used port 190 to communicate, precisely because it's an assigned but rarely monitored port.3 A listening service on port 190 is more likely to be unauthorized than legitimate.

Why This Port Matters

Port 190 represents something important about Internet infrastructure: not everything survives. The well-known ports range (0-1023) is littered with assignments like this—protocols that made sense at the time, that solved real problems, that someone believed in enough to standardize and document.

Some protocols succeeded beyond their creators' wildest dreams. Others, like GACP, exist now only as registry entries and historical footnotes. The port numbers remain reserved, preserved like fossils in the IANA registry, evidence of paths not taken.

How to Check What's Listening on Port 190

On Linux or macOS, use netstat or the modern ss command:

# Check if anything is listening on port 190
sudo netstat -tuln | grep :190

Or use lsof:

# Check what process is using port 190
sudo lsof -i :190

On Windows:

# Check listening ports
netstat -an | findstr :190

If you find something listening on port 190, investigate it. It's probably not GACP. It could be a legitimate service that chose an unused port, or it could be something malicious hiding in plain sight.

Security Considerations

Port 190 carries a warning flag in security databases precisely because it's assigned but unused. Any traffic on this port should be treated with suspicion:

  • Trojans have used this port historically for command and control communications4
  • Legitimate use is extremely rare in modern networks
  • If you see port 190 open, verify what's using it and why
  • Firewall rules should generally block port 190 unless you have a specific reason to allow it

The irony is that GACP was designed for secure gateway access control, but the port assigned to it became better known as a vector for unauthorized access.

The Protocol That Wasn't

There's no RFC that fully specifies GACP. There's no open-source implementation you can download. There are no configuration guides, no deployment best practices, no vendor documentation. Just a name, a port number, and a contact name in old RFCs.

Maybe C. Philip Wood implemented GACP for a specific network in the early 1990s. Maybe it worked perfectly for its intended purpose. Maybe there's a router somewhere, still running, that speaks GACP on port 190.

Or maybe GACP was a protocol that never quite made it from specification to implementation, a good idea that got superseded before it could gain traction.

Either way, port 190 remains. Reserved. Waiting. A ghost protocol occupying its assigned space in the Internet's numbering system, a reminder that not every port carries the weight of millions of connections. Some just carry the memory of what might have been.

Related Ports

  • Port 22 (SSH) — What actually won the remote network management battle
  • Port 23 (Telnet) — The older, insecure way to access remote devices
  • Port 161 (SNMP) — Simple Network Management Protocol for device monitoring
  • Port 443 (HTTPS) — Modern web-based device management interfaces

Frequently Asked Questions

Previous

Port 193: SRMP — The Ghost Protocol

Next

Port 192: OSU-NMS — A Ghost in the Registry

Was this page helpful?

😔
🤨
😃