Port 2090: Load Report Protocol — Assigned but Absent

What Range This Port Belongs To

Port 2090 sits in the registered ports range (1024-49151). These ports are assigned by IANA to specific services, but the assignment doesn't mean the service is widely deployed — or deployed at all. The registered range exists to prevent collisions: if you're going to build something, claim a port number so nobody else squats on it.

In practice, the registered range is a mixed neighborhood. Some ports here carry critical infrastructure (port 1433 for SQL Server, port 3306 for MySQL). Others were assigned decades ago to protocols that never shipped. Port 2090 is in the second category.

The Official Assignment

IANA assigned port 2090 to Load Report Protocol (LRP) on both TCP and UDP.¹ LRP was intended for reporting load metrics across networked systems — a useful thing to standardize, in theory. It never became standard in practice. The assignment exists; the protocol doesn't really.

What Actually Shows Up on Port 2090

Go2Call and PalTalk — Two VoIP and messaging applications from the early-to-mid 2000s used port 2090 for voice and file transfer. Go2Call was a peer-to-peer VoIP client; PalTalk was a video chat platform once popular before Skype and Zoom rendered the category invisible. Both are mostly legacy at this point.²

Lexmark printer monitoring — Some Lexmark print management software used port 2090 for LSM (Lexmark Status Monitor) communications between client machines and network printers.

IRLP (Internet Radio Linking Project) — A system that connects amateur radio repeaters over the Internet uses a block of ports in the 2074-2093 range, which includes 2090.²

Malware — Port 2090 appears in references to Backdoor.Expjan and Backdoor.Win32.Zetronic, two Windows trojans that used this port for remote access and command-and-control. The UDP variant of Zetronic was documented as vulnerable to denial-of-service via malformed packets. This doesn't mean port 2090 traffic is malicious — it means the port looked available, so someone chose it.²

How to Check What's Listening

If you see activity on port 2090 and want to know the source:

On Linux/macOS:

sudo ss -tlnp | grep 2090
# or
sudo lsof -i :2090

On Windows:

netstat -ano | findstr :2090
# Then look up the PID:
tasklist | findstr <PID>

With nmap (from another machine):

nmap -sV -p 2090 <target-ip>

The -sV flag asks nmap to probe the service and guess what's actually running, not just report open/closed.

Why Unassigned (and Abandoned) Ports Matter

The registered port range has over 48,000 slots. Many were claimed optimistically and never filled. This creates a kind of port dark matter — numbers that are "taken" but effectively empty, available to any software that decides to squat.

This matters for two reasons. First, firewall rules and intrusion detection systems often use port numbers as a heuristic for what traffic is acceptable. An abandoned registered port is a quiet door. Second, malware authors know this — they deliberately choose ports with low baseline traffic to avoid standing out in logs.

Port 2090 is a small example of how the port registry drifts over time: official assignments from the 1990s and 2000s that once seemed important, now mostly notable for what occasionally wanders through them.