Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis; however, if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
Port(s) |
Protocol |
Service |
Scan level |
Description |
2977 |
tcp,udp |
ttc-etap-ns |
not scanned |
TTCs Enterprise Test Access Protocol - NS |
2978 |
tcp,udp |
ttc-etap-ds |
not scanned |
TTCs Enterprise Test Access Protocol - DS |
2968 |
tcp,udp |
enpp |
not scanned |
Epson software update tool (EEventMan, MacOS)
Rtvscan (Symantec Antivirus) for Novell NetWare servers
SDBot trojan [Symantec-2002-051312-3628-99]
ENPP (IANA official) |
2964 |
tcp,udp |
bullant-srap |
not scanned |
BULLANT SRAP |
2965 |
tcp,udp |
bullant-rap |
not scanned |
BULLANT RAP |
2962 |
tcp,udp |
iph-policy-cli |
not scanned |
IPH-POLICY-CLI |
2963 |
tcp,udp |
iph-policy-adm |
not scanned |
IPH-POLICY-ADM |
2953 |
tcp,udp |
ovalarmsrv |
not scanned |
OVALARMSRV |
2954 |
tcp,udp |
ovalarmsrv-cmd |
not scanned |
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.
References: [CVE-2008-2438], [BID-34738]
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.
References: [CVE-2008-3544] [BID-28668] [SECUNIA-31688]
Port is also IANA registered for OVALARMSRV-CMD. |
2916 |
tcp,udp |
elvin_server |
not scanned |
Elvin Server |
2917 |
tcp,udp |
elvin_client |
not scanned |
Elvin Client |
2930 |
tcp,udp |
amx-weblinx |
not scanned |
PANJA-WEBLINX
IANA registered for: AMX-WEBLINX |
2874 |
tcp,udp |
dxmessagebase1 |
not scanned |
DX Message Base Transport Protocol |
2875 |
tcp,udp |
dxmessagebase2 |
not scanned |
DX Message Base Transport Protocol |
2869 |
tcp,udp |
icslap |
Members scan |
Microsoft Internet Connection Firewall (ICF), Internet Connection Sharing (ICS), SSDP Discover Service, Microsoft Universal Plug and Play (UPnP), Microsoft Event Notification
IANA registered for: ICSLAP |
2860 |
tcp,udp |
dialpad-voice1 |
not scanned |
Dialpad Voice 1 |
2861 |
tcp,udp |
dialpad-voice2 |
not scanned |
Dialpad Voice 2 |
2844 |
tcp,udp |
bpcp-poll |
not scanned |
BPCP POLL |
2845 |
tcp,udp |
bpcp-trap |
not scanned |
BPCP TRAP |
2834 |
tcp,udp |
evtp |
not scanned |
EVTP |
2835 |
tcp,udp |
evtp-data |
not scanned |
EVTP-DATA |
2832 |
tcp,udp |
silkp4 |
not scanned |
Media Streaming, Live Blogging Sametime 751 (peer-to-peer video feed), FlashFXP
IANA registered for: silkp4 |
2823 |
tcp,udp |
cqg-netlan |
not scanned |
CQG Net/LAN |
2824 |
tcp,udp |
cqg-netlan-1 |
not scanned |
CQG Net/LAN 1 |
2816 |
tcp,udp |
lbc-watchdog |
not scanned |
The Guild 2, Microsoft Robotics - Visual Simulation Environment
IANA registered for: LBC Watchdog |
2815 |
tcp,udp |
lbc-measure |
not scanned |
LBC Measurement |
2813 |
tcp,udp |
llm-pass |
not scanned |
llm-pass |
2814 |
tcp,udp |
llm-csv |
not scanned |
llm-csv |
2779 |
tcp,udp |
lbc-sync |
not scanned |
LBC Sync |
2780 |
tcp,udp |
lbc-control |
not scanned |
LBC Control |
2747 |
tcp,udp |
fjippol-swrly |
not scanned |
fjippol-swrly |
2776 |
tcp,udp |
ridgeway1 |
not scanned |
Ridgeway Systems & Software |
2777 |
tcp,udp |
ridgeway2 |
not scanned |
Ridgeway Systems & Software |
2748 |
tcp,udp |
fjippol-polsvr |
not scanned |
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x and 6.x allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
References: [CVE-2008-2061], [BID-29933]
Port is also IANA registered for fjippol-polsvr. |
2749 |
tcp,udp |
fjippol-cnsl |
not scanned |
fjippol-cnsl |
2741 |
tcp,udp |
tsb |
not scanned |
TSB |
2742 |
tcp,udp |
tsb2 |
not scanned |
TSB2 |
2727 |
tcp,udp |
mgcp-callagent |
not scanned |
Media Gateway Control Protocol Call Agent
ShoreTel IP Telephony system uses the following ports:
2427 UDP - IP phones listening port
2727 UDP - switches listening port
5004 UDP - voice packets
5440 TCP - HTTP CSIS, 5440 UDP - Location Service Protocol
5441 UDP - ShoreSIP
5442, 5446 UDP - DRS
5443, 5444, 5445 UDP - Bandwidth Reservation Protocol
5447, 5449, 5469 TCP - CAS & web proxy
5555 TCP - Shoreline diagnostic port (ipbxctl -diag) |
2427 |
tcp,udp |
mgcp-gateway |
not scanned |
ShoreTel IP Telephony system uses the following ports:
2427 UDP - IP phones listening port
2727 UDP - switches listening port
5004 UDP - voice packets
5440 TCP - HTTP CSIS, 5440 UDP - Location Service Protocol
5441 UDP - ShoreSIP
5442, 5446 UDP - DRS
5443, 5444, 5445 UDP - Bandwidth Reservation Protocol
5447, 5449, 5469 TCP - CAS & web proxy
5555 TCP - Shoreline diagnostic port (ipbxctl -diag)
Media Gateway Control Protocol Gateway (IANA official) |
2717 |
tcp,udp |
pn-requester |
not scanned |
PN REQUESTER |
2718 |
tcp,udp |
pn-requester2 |
not scanned |
PN REQUESTER 2
The Prayer 2 trojan horse also uses port 2718 (TCP). |
2677 |
tcp,udp |
gadgetgate1way |
not scanned |
Gadget Gate 1 Way |
2678 |
tcp,udp |
gadgetgate2way |
not scanned |
Gadget Gate 2 Way |
2664 |
tcp,udp |
patrol-mq-gm |
not scanned |
Patrol for MQ GM |
2665 |
tcp,udp |
patrol-mq-nm |
not scanned |
Patrol for MQ NM |
2657 |
tcp,udp |
sns-dispatcher |
not scanned |
SNS Dispatcher |
2658 |
tcp,udp |
sns-admin |
not scanned |
SNS Admin |
2659 |
tcp,udp |
sns-query |
not scanned |
SNS Query |
2656 |
tcp,udp |
kana |
not scanned |
ICQ P2P, SQL Remote Connection
IANA registered for: Kana |
2621 |
tcp,udp |
miles-apart |
not scanned |
Oracle Procedural Gateway
IANA registered for: Miles Apart Jukebox Server |
2601 |
tcp,udp |
discp-client |
not scanned |
zebra vty
IANA registered for: discp client
McAfee Network Threat Behavior Analysis could allow a remote attacker from within the local network to gain elevated privileges on the system, caused by an error related to the default configuration in the Zebra service. By connecting to port 2601 with telnet, an attacker could exploit this vulnerability to gain unrestricted root access to the machine.
References: [XFDB-85937] [BID-61420] |
2602 |
tcp,udp |
discp-server |
not scanned |
RIPd vty
IANA registered for: discp server |
2598 |
tcp,udp |
citriximaclient |
not scanned |
Citrix NetScaler gateway XenDesktop/XenApp VDA uses port 2598 TCP/UDP for access to applications and virtual desktops by ICA/HDX with Session Reliability.
new ICA - when Session Reliability is enabled, TCP port 2598 replaces port 1494
IANA registered for: Citrix MA Client |
2595 |
tcp,udp |
worldfusion1 |
not scanned |
World Fusion 1 |
2596 |
tcp,udp |
worldfusion2 |
not scanned |
World Fusion 2 |
2581 |
tcp,udp |
argis-te |
not scanned |
ARGIS TE |
2582 |
tcp,udp |
argis-ds |
not scanned |
ARGIS DS |
2546 |
tcp,udp |
vytalvaultbrtp |
not scanned |
vytalvaultbrtp |
2547 |
tcp,udp |
vytalvaultvsmp |
not scanned |
vytalvaultvsmp |
2548 |
tcp,udp |
vytalvaultpipe |
not scanned |
vytalvaultpipe |
2512 |
tcp,udp |
citrixima |
not scanned |
Citrix IMA uses port 2512 TCP (IANA registered).
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server), Access Essentials and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References: [CVE-2008-0356], [BID-27329] |
2513 |
tcp,udp |
citrixadmin |
not scanned |
Citrix Management Console uses port 2513 TCP. FMA based platforms 7.5 and later do not use the port.
Port is IANA registered for Citrix ADMIN
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server), Access Essentials and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.
References: [CVE-2008-0356], [BID-27329] |
2500 |
tcp,udp |
rtsserv |
Premium scan |
Numara Asset Manager Platform (AMP) uses the following ports:
1610 - primary AMP port
1611 - communication between console and master server
Other optional ports used by AMP:
1609 - used to calculate available bandwidth for transfer windows
1612 - used by the application kiosk feature
2500 - used for multicast data transfers to agents
5400 - used for remote control only
22,23,25,135-139,445 - used for auto discovery, SSH remote inventory scans, SMB remote inventory
161 - SNMP remote inventory scan
67-69 - relays can be used to avoid opening ports over the WAN
IPContact
TheosMessenger, TheosNet-Admin use these ports:
2500/tcp, 2501/tcp - listening for client connections
43047/tcp, 43048/tcp - service ports
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
References: [BID-5132], [CVE-2002-1026], [XFDB-9458]
IANA registered for: Resource Tracking system server |
2501 |
tcp,udp |
rtsclient |
not scanned |
TheosMessenger, TheosNet-Admin use these ports:
2500/tcp, 2501/tcp - listening for client connections
43047/tcp, 43048/tcp - service ports
IANA registered for: Resource Tracking system client |
2499 |
tcp,udp |
unicontrol |
not scanned |
gBox, CWShare
IANA registered for: UniControl |
2486 |
tcp,udp |
netobjects2 |
not scanned |
Net Objects2 |
2481 |
tcp,udp |
giop |
not scanned |
Oracle GIOP |
2482 |
tcp,udp |
giop-ssl |
not scanned |
Oracle GIOP SSL |
2465 |
tcp,udp |
lbm |
not scanned |
Load Balance Management |
2466 |
tcp,udp |
lbf |
not scanned |
Load Balance Forwarding |
2402 |
tcp,udp |
taskmaster2000 |
not scanned |
TaskMaster 2000 Server |
2403 |
tcp,udp |
taskmaster2000 |
not scanned |
TaskMaster 2000 Web |
2425 |
tcp,udp |
fjitsuappmgr |
not scanned |
Telnet, IP Messenger for Windows
IANA registered for: Fujitsu App Manager |
2432 |
tcp,udp |
codasrv |
not scanned |
codasrv |
2433 |
tcp,udp |
codasrv-se |
not scanned |
codasrv-se |
2938 |
tcp,udp |
sm-pas-1 |
not scanned |
SM-PAS-1 |
2939 |
tcp,udp |
sm-pas-2 |
not scanned |
SM-PAS-2 |
2940 |
tcp,udp |
sm-pas-3 |
not scanned |
SM-PAS-3 |
2941 |
tcp,udp |
sm-pas-4 |
not scanned |
SM-PAS-4 |
48556 |
tcp,udp |
com-bardac-dw |
not scanned |
com-bardac-dw, drive.web AC/DC Drive Automation and Control Networks |
47000 |
tcp,udp |
mbus |
not scanned |
Message Bus |
41666 |
tcp,udp |
trojan |
Premium scan |
Remote Boot trojan |
31338 |
tcp,udp |
trojans |
Premium scan |
Back Orifice, ButtFunnel, DeepBO, NetSpy DK trojans |
20432 |
tcp,udp |
ddos |
not scanned |
Shaft (DDoS) |
10100 |
tcp,udp |
trojans |
not scanned |
Backdoor.Ranky.O [Symantec-2004-122417-2948-99], Control Total, GiFt trojan, Scalper, Slapper
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
References: [CVE-2023-1133] |
7424 |
tcp,udp |
trojan |
not scanned |
Host Control trojan |
49683 |
tcp,udp |
trojan |
not scanned |
Fenster trojan (a.k.a. Trojan.Win32.Fenster, Backdoor.Fenster.21) |
2989 |
tcp,udp |
trojan |
not scanned |
Rat 1.2, Backdoor.Brador.A [Symantec-2004-080516-3455-99] |
2115 |
tcp,udp |
kdm |
Premium scan |
MIS Department
Trojan Bugs also uses port 2115 (TCP)
IANA registered for: Key Distribution Manager |
1313 |
tcp,udp |
bmc-patroldb |
Premium scan |
NETrojan uses port 1313 (TCP).
Backdoor.Win32.Pahador.aj / Authentication Bypass RCE - the malware listens on TCP ports 1313 and 21. Third-party attackers who can reach infected systems can log on using any username/password combination. Intruders may then upload executables using the FTP PASV and STOR commands, which can result in remote code execution.
References: [MVID-2021-0393]
BMC_PATROLDB (IANA official) |
1207 |
tcp,udp |
trojan |
Premium scan |
SoftWAR trojan
Commandos 3: Destination Berlin also uses this port (UDP). |
1183 |
tcp,udp |
trojans |
Members scan |
Balistix is a backdoor Trojan affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 1183, to allow the client system to connect. Balistix could allow a remote attacker to gain unauthorized access to the system.
References: [XFDB-15148]
Trojans that also use this port: Cyn, SweetHeart |
1044 |
tcp,udp |
trojan |
not scanned |
Ptakks |
815 |
tcp,udp |
trojan |
not scanned |
Everyone's Darling trojan horse |
61747 |
tcp,udp |
trojan |
not scanned |
KiLo trojan - listens on ports 50829,61746,61747,61748. May be related to Backdoor.KiLo [Symantec-2003-021319-1815-99] that uses ports 6711, 6718. |
61746 |
tcp,udp |
trojan |
not scanned |
KiLo trojan - listens on ports 50829,61746,61747,61748. May be related to Backdoor.KiLo [Symantec-2003-021319-1815-99] that uses ports 6711, 6718. |
50829 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99]
Backdoor.Win32.BirdSpy.b / Weak Hardcoded Credentials - the malware listens on TCP port 50829. Authentication is required; however, the password "ccbird" is weak and hardcoded in the PE file.
References: [MVID-2022-0523] |
47785 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
46666 |
tcp,udp |
trojan |
not scanned |
Taskman trojan |
44767 |
tcp,udp |
trojan |
not scanned |
School Bus trojan |
Vulnerabilities listed: 100 (some use multiple ports)