TCP 427
Synopsis
- Port 427/TCP is used by the Service Location Protocol (SLP).
- OpenSLP’s slpd runs on many Unix/Linux systems (e.g., SUSE, Red Hat, Ubuntu) and is also present on IBM AIX and Solaris, listening on TCP/UDP 427 for service discovery.
- VMware ESXi historically bundled OpenSLP and listened on 427 for host/service discovery used by management tools; newer ESXi versions have removed/disabled it.
- Novell NetWare 5/6 used SLP on 427 to advertise network services as a replacement for SAP.
- Enterprise printers and MFDs (e.g., HP and Xerox models) use SLP on 427 to advertise printing and management services.
- SUSE Linux Enterprise uses SLP to discover network installation sources and AutoYaST repositories.
- Exploitation: OpenSLP on ESXi has had critical RCE flaws (e.g., CVE-2019-5544 and CVE-2021-21974), with the latter widely abused by ESXiArgs ransomware when port 427 was exposed to the internet.