Port 1267 is where enterprise security auditing happens. This port carries traffic for eTrust Policy Compliance (ePC), a system that monitors thousands of servers to ensure they're following security policies—checking password requirements, access controls, and configuration standards before violations become breaches.
What eTrust Policy Compliance Does
eTrust Policy Compliance is a centralized security risk management system that does three things:
- Identifies security policy violations — Scans servers to find misconfigurations, weak passwords, improper access controls
- Facilitates resolution — Reports what's wrong and helps administrators fix it
- Prevents recurrence — Continuously monitors to ensure problems don't come back
It was designed to answer a question every security team asks: "Are all our servers actually following the security policies we think they are?"
The answer is usually no. And eTrust Policy Compliance exists to find out where and why.
How It Works
eTrust Policy Compliance agents run on servers (UNIX, Windows NT/2000, Linux) and communicate back to a central management console through port 1267. The agents:
- Audit security events and configurations
- Compare actual settings against defined security policies
- Report violations to the central system
- Track user activity across platforms
The central console receives this data, aggregates it, and shows administrators which servers are compliant and which are exposing the organization to risk.
The History: Computer Associates and the eTrust Era
eTrust Policy Compliance came from Platinum Technology Inc., which created Policy Compliance Manager in the late 1990s. Computer Associates (CA) acquired Platinum Technology and integrated it into their eTrust security suite—a comprehensive set of enterprise security tools that became CA's flagship offering.1
During the early 2000s, eTrust products were everywhere in large enterprises. Organizations deployed eTrust Audit and Policy Compliance modules to combat internal threats, network abuse, and intrusions.2
Someone at Computer Associates registered port 1267 with IANA for this service. The port is still officially assigned to ePC, even though the product has gone through multiple corporate acquisitions since then (CA was acquired by Broadcom in 2018).
Why This Port Matters
Port 1267 represents a specific approach to security: centralized monitoring and enforcement.
Instead of trusting that thousands of servers are configured correctly, you run agents that constantly check and report back. Instead of discovering a security misconfiguration after a breach, you find it beforehand.
This was the dominant security model in the 2000s—and it's still used in many enterprises today, though the specific products have changed names and owners multiple times.
Security Considerations
If you see port 1267 open on your network:
Expected use: Legitimate eTrust Policy Compliance deployment, with agents communicating to a central management server
Unexpected use: Could indicate legacy software still running (and potentially unpatched), or an attacker using this port for other purposes
Security practice: Ensure any system using this port is part of an actively managed security deployment. Legacy eTrust installations may have known vulnerabilities if not updated.
Related Ports
Other Computer Associates eTrust products used different ports:
- Port 5250: Computer Associates eTrust Admin (enterprise administration)
- Various ports: eTrust Access Control, eTrust Threat Management, eTrust Security Command Center
The eTrust suite was comprehensive, and each component had its own communication channels.
How to Check What's Using Port 1267
On Linux:
On Windows:
Using nmap:
If you find port 1267 in use, verify it's part of an active, supported security monitoring system. Legacy installations may need migration to modern equivalents.
Frequently Asked Questions
The Deeper Pattern
Port 1267 represents something fundamental about enterprise security: the tension between distributed systems and centralized control.
Thousands of servers, each making their own configuration decisions. One security team trying to ensure they all follow the same rules. The solution: agents everywhere, reporting back to a central authority.
This is how we made the distributed auditable. Port 1267 is where that reporting happens.
Nakatulong ba ang pahinang ito?