Despite the fact that ILS is a Microsoft NetMeeting teleconferencing directory service, this port appears to be open (for unknown reasons) whenever Microsoft's Internet Connection Sharing (ICS) system is in use. And despite the service's definition, it does not appear to be directly related to the operation or activity of Microsoft's NetMeeting.
Additionally, unlike all other known open ports in Windows, this port does not appear in "netstat" command listings. It's hidden. For this to be true, Windows sockets, and the standard Windows TCP/IP protocol stack, are not being used to open and receive connections through this port. We wonder why, and what's going on.
This port's apparent association with Microsoft's ICS (Internet connection sharing) was discovered empirically by noticing that only people who were using ICS had this port open, and that everyone who was using ICS (and necessarily NetMeeting), without any additional external protection, had this port open and exposed to the Internet. Subsequent research uncovered several references to this port:
http://www.securityfocus.com/infocus/1620
http://www.freesoft.org/software/NetMeeting/netmeetserver.html
We anticipate (and hope) that the attention which will probably be brought to this port by its wide exposure in our 1056-port "All Service Ports" scan, may help to shed some light on Microsoft's silent use of this open port. As more is learned, this page will be updated with any news.
In the meantime, it might be expedient to see whether you can coax your personal firewall into blocking this port from outside contact. We don't know what it's for, or from whom it might be silently accepting outside connections. (Users behind a NAT router will probably not be using ICS, but if so the router's NAT will automatically protect any non-DMZ machines.) On the other hand, users who are using ICS, and will consequently discover that this port is open, are probably not hidden safely behind a NAT router.
Given Microsoft's long history and continuing practice of producing insecure and remotely exploitable Internet services, there's no way this port is safe to leave open and unattended. Get it closed!