Port 2786: aic-oncrpc — A Registered Port Nobody Remembers

What This Port Is

Port 2786 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific services — software vendors and developers who filed a request, got a number, and agreed to use it. Unlike the well-known ports (0–1023), no administrator privileges are required to bind to them, and the range is large enough that most registered services never become widely known.

Port 2786 is officially assigned to "aic-oncrpc — Destiny MCD database" for both TCP and UDP.¹ The contact on record is Brad Parker at american.com. There is almost no publicly available documentation about what Destiny MCD is, who built it, or whether it ever shipped widely.

What "aic-oncrpc" Means

The name breaks down into two pieces:

AIC is likely a company abbreviation — possibly Applications International Corporation or a similar vendor from the era when this registration was filed.

oncrpc is the interesting part. ONC RPC stands for Open Network Computing Remote Procedure Call, a protocol Sun Microsystems designed in the 1980s to let programs call functions on remote machines as if they were local. It's the same mechanism underlying NFS (the Network File System). By the time port registrations were common, ONC RPC was the lingua franca of Unix enterprise software.²

So "aic-oncrpc" means: this vendor's database system communicated using Sun's remote procedure call protocol. Destiny MCD was almost certainly an enterprise database product — the kind of software deployed at large organizations, maintained by vendors under contract, and never advertised publicly.

Why You'd Never Find It

This is a common pattern in the registered ports range. Thousands of ports were assigned to:

• Internal enterprise tools that never shipped as commercial products
• Software from companies that no longer exist
• Services superseded by newer protocols before they spread

Port 2786 appears to be one of these. The registration is real. The service is, for all practical purposes, extinct — or running silently inside a handful of legacy systems where it's been humming along for decades without anyone noticing.

Checking What's Actually There

If you see traffic on port 2786 and you want to know what it is, start here:

On Linux/macOS:

# See what process is listening on port 2786
sudo ss -tlnp | grep 2786
# or
sudo lsof -i :2786

On Windows:

netstat -ano | findstr :2786
# Then look up the PID:
tasklist | findstr <PID>

If nothing is listening, the port is closed and you have nothing to worry about. If something is listening, the process name will tell you what it is.

Should You Be Concerned?

Port scanners sometimes flag 2786 as historically associated with malware.³ This is guilt by proximity — because the port's legitimate owner is so obscure, any traffic there looks suspicious. If you see unexpected activity on this port on a machine that isn't running legacy AIC software, it's worth investigating. But the port itself isn't dangerous. It's just forgotten.

The Bigger Picture

The registered ports range is part of what makes the Internet's port system coherent. Every service that wants a stable, predictable number can apply. But IANA doesn't enforce whether that service actually gets used. The result is a registry full of assignments ranging from HTTP (80, used by billions of connections per second) to aic-oncrpc (2786, used by almost no one in decades).

Port 2786 is a reminder that the Internet is built on layers of history — protocols registered by engineers who've since retired, software that ran on hardware that no longer exists, services that solved real problems for real organizations and then quietly disappeared.

The port number is still there. The software, almost certainly, is not.