Port 905 sits in the well-known ports range (0-1023), where you'd expect every number to have an official purpose assigned by IANA. But 905 doesn't. It's officially unassigned.1
That doesn't mean it's unused.
What Range This Port Belongs To
Port 905 falls within the well-known ports (0-1023), also called system ports. These are supposed to be assigned only through IETF Review or IESG Approval - formal processes that document who gets what port and why.2
The well-known range exists because operating systems treat these ports specially. On Unix-like systems, only root can bind to ports below 1024. This is a security feature - the theory being that if a service is running on port 80 or 22 or 443, you can trust it's actually the web server or SSH daemon, not some random program a regular user started.
But port 905 has no official assignment in this carefully controlled range. It's a gap in the registry.
Unofficial Uses
Just because IANA hasn't assigned port 905 doesn't mean nothing uses it.
macOS NetInfo (TCP): On older Mac OS X systems, port 905 was used by NetInfo, Apple's RPC-based directory service. NetInfo shared network configuration data - user accounts, hostnames, network settings - across Mac networks. The service (nibindd) bound to port 905 to serve NetInfo domains.3
NetInfo is largely obsolete now (replaced by Open Directory), but the port association remains in some documentation and legacy systems.
Backdoor.NetDevil (TCP): The same port has been documented as used by NetDevil, a Windows trojan that gives attackers remote control of infected machines.4 Security scanners flag traffic on port 905 for this reason.
This is the reality of unassigned ports - they get claimed by whoever needs them, for whatever purpose. The number itself is neutral. Context determines whether port 905 traffic is a legitimate Mac service or a compromised Windows box.
Why Unassigned Ports Matter
You might think unassigned ports are just empty slots waiting to be filled. But they serve a purpose.
Room for local services: Not every service needs a global port assignment. Applications can use unassigned ports for internal purposes without conflicting with standardized services.
Flexibility for testing: Developers use unassigned ports for testing new protocols before (or instead of) requesting official assignments.
Dynamic allocation: Many modern systems use ephemeral ports (typically 49152-65535) for dynamic connections, but some older systems or specialized applications use unassigned well-known ports similarly.
The downside: without an official assignment, you can't know what port 905 traffic means without context. Is it a Mac sharing directory data? Is it malware? Is it something else entirely? The port number alone doesn't tell you.
Security Implications
If you see traffic on port 905:
- On a Mac network, it might be legitimate NetInfo traffic (though this is rare on modern systems)
- On any other system, it's worth investigating - it could be malware
- In security logs, port 905 activity often triggers alerts because of the NetDevil trojan association
Best practices:
- Block port 905 at your firewall unless you specifically need it
- If you're running macOS and not using NetInfo, nothing should be listening here
- Monitor for unexpected services binding to this port
How to Check What's Listening
On Linux or macOS:
On Windows:
If something's listening and you don't know why, investigate. Unassigned ports are often the first place malware hides.
The Gap in the Registry
Port 905's unassigned status is actually unusual for the well-known range. Most ports from 0-1023 have official assignments, even if those services are obsolete. The fact that 905 remains unassigned suggests no one has made a compelling case for formally claiming it.
Meanwhile, it gets used anyway. Services don't wait for IANA approval. They bind to ports that work, and those bindings become de facto standards in specific contexts - macOS networks, malware command-and-control infrastructure, internal corporate applications.
The registry is a map, not the territory. Port 905 carries traffic regardless of what the paperwork says.
Bu sayfa faydalı oldu mu?