Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 3027 |
tcp,udp |
liebdevmgmt_c |
not scanned |
LiebDevMgmt_C |
| 3028 |
tcp,udp |
liebdevmgmt_dm |
not scanned |
LiebDevMgmt_DM
Backdoor.Wortbot also uses this port (TCP). |
| 3029 |
tcp,udp |
liebdevmgmt_a |
not scanned |
LiebDevMgmt_A |
| 3030 |
tcp |
trojans |
Premium scan |
W32.Mytob.ET@mm (2005.06.15) - mass-mailing worm with backdoor capabilities. Uses its own SMTP engine to spread. Connects to an IRC server and listens for remote commands on port 3030/tcp.
Backdoor.Slao (2003.05.26) - a backdoor trojan horse that allows unauthorized access to an infected computer.
Port also used by the W32.Mytob.EQ, W32.Mytob.cz@mm variants of the worm. |
| 3031 |
tcp |
trojan |
Premium scan |
MicroSpy
Program Linking, Remote Apple Events also use port 3031 (TCP/UDP). |
| 3040 |
tcp |
games |
not scanned |
Star Trek Armada II |
| 3049 |
udp |
virus |
not scanned |
Linux.Jac.8759 (2002.10.03) - an ELF file infector virus. It will infect up to 201 ELF files in the same directory from which it was executed. Additionally, if an infected executable is run as root, it will also switch to the /bin directory and infect another 201 ELF files there.
Port is also IANA registered for NSWS. |
| 3050 |
tcp,udp |
gds_db |
not scanned |
Borland Interbase database
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050.
References: [CVE-2008-1910], [BID-28730]
Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to [CVE-2008-0467].
References: [CVE-2008-2559] [BID-29302] [SECUNIA-30299]
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.
References: [CVE-2007-5243] [BID-25917] [OSVDB-38609] [SECUNIA-27058]
gds_db (IANA official) |
| 3056 |
udp |
games |
not scanned |
Star Trek Armada II |
| 3057 |
udp |
games |
not scanned |
Star Trek Armada II |
| 3067 |
tcp |
trojans |
Premium scan |
W32.Korgo.F (2004-06-01) - worm that propagates using Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin [MS04-011]) on TCP port 445. It also listens on TCP ports 113, 3067, and may use other random ports.
IANA registered for: FJHPJP |
| 3072 |
tcp |
csd-monitor |
Premium scan |
Trojans using this port: IRC Bot
IANA registered for: ContinuStor Monitor Port |
| 3074 |
tcp,udp |
xbox |
Premium scan |
Xbox LIVE uses ports 53 tcp/udp, 80 tcp, 88 udp, 3074 tcp/udp.
Blazing Angels Squadrons of WWII, Call of Duty World at War use this port (TCP), Grand Theft Auto IV, James Bond: Quantum of Solace, Tom Clancy's Splinter Cell: Double Agent, Enemy Territory: Quake Wars. |
| 3075 |
tcp,udp |
orbix-locator |
not scanned |
Lost Planet - Extreme Condition, Call of Duty - World at War, Blazing Angels Online
IANA registered for: Orbix 2000 Locator |
| 3076 |
tcp,udp |
orbix-config |
not scanned |
Orbix 2000 Config |
| 3077 |
tcp,udp |
orbix-loc-ssl |
not scanned |
Orbix 2000 Locator SSL |
| 3078 |
tcp,udp |
orbix-cfg-ssl |
not scanned |
Orbix 2000 Locator SSL |
| 3081 |
tcp,udp |
tl1-lv |
not scanned |
Tom Clancy's Splinter Cell: Conviction uses port 3081 (TCP), developer: Ubisoft Montreal
Rainbow Six Vegas also uses port 3081 (UDP)
Port is IANA assigned for TL1-LV |
| 3082 |
tcp,udp |
tl1-raw |
not scanned |
TL1-RAW |
| 3083 |
tcp,udp |
tl1-telnet |
not scanned |
TL1-TELNET |
| 3100 |
tcp,udp |
games |
not scanned |
Delta Force |
| 3101 |
tcp |
bes |
Premium scan |
Port used by Blackberry Enterprise Server (BES). Also uses port 3500/tcp. |
| 3103 |
tcp,udp |
autocuesmi |
not scanned |
Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.
References: [CVE-2004-1688] [BID-11203] [SECUNIA-12585]
Autocue SMI Protocol (IANA official) |
| 3104 |
tcp |
applications |
not scanned |
Rainbow Six Vegas game
IANA registered for: Autocue Logger Protocol
CA Message Queuing (CAM/CAFT) software - buffer overflow vulnerability that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104 (CVE-2007-0060). |
| 3105 |
tcp,udp |
cardbox |
not scanned |
Cardbox, Settlers 4, Rainbow Six Vegas
Tom Clancy's Splinter Cell: Conviction also uses port 3105 (TCP), developer: Ubisoft Montreal |
| 3106 |
tcp,udp |
cardbox-http |
not scanned |
Cardbox HTTP |
| 3114 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.
References: [CVE-2008-0763], [BID-27732]
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
References: [CVE-2008-0764] [BID-27732] [SECUNIA-28890]
CCM AutoDiscover (TCP/UDP) (IANA official) |
| 3115 |
tcp,udp |
mctet-master |
not scanned |
MCTET Master |
| 3116 |
tcp,udp |
mctet-gateway |
not scanned |
MCTET Gateway |
| 3117 |
tcp,udp |
mctet-jserv |
not scanned |
Rainbow Six Vegas
IANA registered for: MCTET Jserv |
| 3119 |
tcp,udp |
d2000kernel |
Premium scan |
Trojans using this port: Delta Remote Access
IANA registered for: D2000 Kernel Port |
| 3120 |
tcp,udp |
d2000webserver |
not scanned |
D2000 Webserver Port |
| 3127 |
tcp |
worm |
Premium scan |
W32.Novarg.A@mm - mass-mailing worm with remote access trojan, 01.2004. Affects all current Windows versions. A.K.A W32/Mydoom@MM.
When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, compromissing the entire system.
W32.HLLW.Deadhat (2004.02.06) - a worm with backdoor capabilities. It attempts to uninstall the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms, and then it spreads to other systems infected with Mydoom. Also, it spreads through the Soulseek file-sharing program.
Some other trojans using this port: W32.HLLW.DoomJuice, W32.MockBot.A, Moody.Worm, W32.DoomHunter, W32.SoLame.A, W32.Welchia.D |
| 3128 |
tcp |
ndl-aas |
Members scan |
Port used by some proxy servers. Common web proxy server ports: 8080, 80, 3128, 6588
Officiall assignment: Active API Server Port
Trojans and backdoors that use this port: Masters Paradise, Reverse WWW Tunnel Backdoor, RingZero
Mydoom.B (01.28.2004) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.
W32.HLLW.Deadhat (2004.02.06) - a worm with backdoor capabilities. It attempts to uninstall the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms, and then it spreads to other systems infected with Mydoom. Also, it spreads through the Soulseek file-sharing program.
Multiple buffer overflows in Thomas Hauck Jana Server allow remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request with a long major version number, an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, a long OK reply from a POP3 server, and a long SMTP server response.
References: [CVE-2002-1061], [BID-5320] |
| 3129 |
tcp |
trojans |
Premium scan |
Master's Paradise - remote access trojan, 03.1998. Affects Windows, uses ports 31, 3129, 40421-40426
MyDoom.B@mm trojan also uses this port.
Port 3129 is also registered with IANA for: NetPort Discovery Port |
| 3130 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm
IANA registered for: ICPv2 (TCP/UDP) |
| 3131 |
tcp,udp |
netbookmark |
Premium scan |
Oracle Application Server, LDAP SSL, Squid (HTTP Proxy)
Trojans using this port: SubSARI, MyDoom.B@mm.
Backdoor.Slao (2003.05.26) - a backdoor trojan horse that allows unauthorized access to an infected computer.
IANA registered for: Net Book Mark. |
| 3132 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3133 |
tcp |
prism-deploy |
Members scan |
Malicious services using this port: Back Orifice, Back Orifice 2000, MyDoom.B@mm
IANA registered for: Prism Deploy User Port |
| 3134 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3135 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3136 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3137 |
tcp,udp |
rtnt-1 |
not scanned |
rtnt-1 data packets
MyDoom.B@mm trojan also uses this port (TCP). |
| 3138 |
tcp,udp |
rtnt-2 |
not scanned |
rtnt-2 data packets
MyDoom.B@mm trojan also uses this port (TCP). |
| 3139 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3140 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3141 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm
Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to restart the service, use the getlastmsg command to view log information, or use the online command to force a policy update from the database server.
References: [CVE-2004-2107], [BID-9478]
Port is also IANA registered for VMODE |
| 3142 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3143 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3144 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3145 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm (worm)
CSI-LFAP (IANA official)
zftpserver (unofficial use) |
| 3146 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3147 |
tcp |
trojan |
Premium scan |
MyDoom.B@mm |
| 3148 |
tcp,udp |
nm-game-admin |
not scanned |
NetMike Game Administrator
MyDoom.B@mm trojan also uses this port (TCP). |
| 3149 |
tcp,udp |
nm-game-server |
not scanned |
NetMike Game Server
MyDoom.B@mm trojan also uses this port (TCP). |
| 3150 |
tcp,udp |
nm-asses-admin |
Members scan |
Netmike assessor administrator port.
Some trojans that also use this port: The Invasor (TCP), Deep Throat, Foreplay (UDP), Mini Backlash (uses ports 2130/udp and 3150/udp). |
| 3151 |
tcp,udp |
nm-assessor |
not scanned |
NetMike Assessor |
| 3154 |
udp |
applications |
not scanned |
Monopoly Tycoon, developer: Deep Red |
| 3155 |
tcp |
games |
not scanned |
Tom Clancy's H.A.W.X., developer: Ubisoft Romania |
| 3163 |
tcp |
games |
not scanned |
Tom Clancy's H.A.W.X., developer: Ubisoft Romania |
| 3169 |
tcp,udp |
serverview-as |
not scanned |
SERVERVIEW-AS |
| 3170 |
tcp,udp |
serverview-asn |
not scanned |
SERVERVIEW-ASN |
| 3171 |
tcp,udp |
serverview-gf |
not scanned |
SERVERVIEW-GF |
| 3172 |
tcp,udp |
serverview-rm |
not scanned |
SERVERVIEW-RM |
| 3181 |
tcp,udp |
bmcpatrolagent |
not scanned |
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
References: [CVE-2008-5982], [BID-32692]
PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters. NOTE: the vendor disputes this vulnerability, stating that it does not exist when the system is properly configured.
References: [CVE-2007-1972] [BID-23559]
Port also IANA registered for BMC Patrol Agent |
| 3182 |
tcp,udp |
bmcpatrolrnvu |
not scanned |
BMC Patrol Rendezvous |
| 3190 |
tcp,udp |
csvr-proxy |
not scanned |
ConServR Proxy |
| 3191 |
tcp,udp |
csvr-sslproxy |
not scanned |
ConServR SSL Proxy |
| 3195 |
tcp |
trojans |
Premium scan |
Backdoor.IRC.Whisper.B (01.17.2005) - backdoor trojan. Connects to an IRC channel for remote access on port 3195/tcp.
IANA registered for: Network Control Unit |
| 3196 |
tcp,udp |
ncu-2 |
not scanned |
Network Control Unit |
| 3197 |
tcp,udp |
embrace-dp-s |
not scanned |
Embrace Device Protocol Server
MyDoom.B@mm trojan also uses this port (TCP). |
| 3198 |
tcp,udp |
embrace-dp-c |
not scanned |
Embrace Device Protocol Client
MyDoom.B@mm trojan also uses this port (TCP). |
| 3201 |
tcp,udp |
cpq-tasksmart |
not scanned |
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
References: [CVE-2006-5784] [SECUNIA-22677] [BID-20877]
CPQ-TaskSmart (IANA official) |
| 3203 |
tcp,udp |
netwatcher-mon |
not scanned |
Network Watcher Monitor |
| 3204 |
tcp,udp |
netwatcher-db |
not scanned |
Network Watcher DB Access |
| 3207 |
tcp,udp |
vx-auth-port |
not scanned |
Veritas Authentication Port
Symantec Veritas Storage Foundation is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Veritas Enterprise Administrator (VEA) component in the Administrator Service (vxsvc.exe). By sending a specially-crafted packet to UDP port 3207, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges or cause the service to crash.
References: [CVE-2008-0638], [BID-25778] |
| 3214 |
tcp,udp |
jmq-daemon-1 |
not scanned |
JMQ Daemon Port 1 |
| 3215 |
tcp,udp |
jmq-daemon-2 |
not scanned |
Trojans using this port: XHX, BlackStar, Ghose
IANA registered for: JMQ Daemon Port 2 |
| 3220 |
tcp,udp |
xnm-ssl |
not scanned |
XML NM over SSL |
| 3221 |
tcp,udp |
xnm-clear-text |
not scanned |
XML NM over TCP |
| 3232 |
tcp |
trojans |
not scanned |
Backdoor.Slao (2003.05.26) - a backdoor trojan horse that allows unauthorized access to an infected computer.
Port is also IANA registered for MDT [RFC6513] |
| 3256 |
tcp |
trojans |
Premium scan |
W32.HLLW.Dax - worm with remote access capabilities, 09.2002. Affects all current Windows versions.
port is also registered with IANA for: Compaq RPM Agent Port |
| 3260 |
tcp,udp |
iscsi-target |
not scanned |
iSCSI port |
| 3264 |
tcp |
trojans |
Premium scan |
Backdoor.Smother (2003.09.23) - gives its creator complete access to your computer. By default, the trojan connects on port 3264 to a server whose address is hard coded in the trojan.
Port is also IANA registered for cc:mail/lotus |
| 3268 |
tcp,udp |
msft-gc |
not scanned |
Global Catalog LDAP
IANA registered for: Microsoft Global Catalog |
| 3269 |
tcp,udp |
msft-gc-ssl |
not scanned |
Microsoft Global Catalog with LDAP SSL |
| 3283 |
tcp,udp |
net-assistant |
not scanned |
Apple Remote Desktop, iChat
IANA registered for: Net Assistant |
| 3292 |
tcp |
trojan |
Premium scan |
Xposure |
| 3293 |
tcp,udp |
fg-fps |
not scanned |
fg-fps |
| 3294 |
tcp,udp |
fg-gip |
not scanned |
fg-gip |
| 3295 |
tcp |
trojan |
Premium scan |
Xposure |
| 3297 |
udp |
games |
not scanned |
F1 2002 |
| 3297 |
tcp |
games |
not scanned |
GTR FIA GT Racing Game uses ports 3297-3301 |
| 3300 |
tcp,udp |
sap-gw |
not scanned |
SAP Gateway Server, TripleA game server (applications)
IANA registered for: Unauthorized use by SAP R/3 |
| 3301 |
tcp,udp |
applications |
not scanned |
Unauthorized use by SAP R/3
GTR FIA GT Racing Game also uses port 3301 (TCP) |
| 3303 |
tcp,udp |
opsession-clnt |
not scanned |
OP Session Client |
| 3304 |
tcp,udp |
opsession-srvr |
not scanned |
OP Session Server |
| 3305 |
tcp,udp |
odette-ftp |
not scanned |
Odette File Transfer Protocol (OFTP) (IANA official) [RFC5024] |
| 3306 |
tcp,udp |
mysql |
Members scan |
MySQL database server connections - http://www.mysql.com
Caesar IV uses this port.
Port also used by Nemog backdoor (discovered 2004.08.16) - a backdoor trojan horse that allows an infected computer to be used as an email relay and HTTP proxy, dropped by W32.Mydoom.Q@mm.
It can use one of the following ports: 3306,4242,4646,4661,6565,8080
Worms using this port: W32.Spybot.IVQ
MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
References: [CVE-2011-5049] |
| 3307 |
tcp |
virus |
not scanned |
W32.Dizan.C (2007.03.29) - a virus that spreads by infecting executable files. It also opens a back door on the compromised computer.
Port is also IANA registered for OP Session Proxy |
Vulnerabilities listed: 100 (some use multiple ports)
|
