| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 593 |
tcp |
|
Members scan |
MS Security Bulletin [MS03-026] outlines a critical Buffer Overrun RPC vulnerability that can be exploited via ports 135, 139, 445, 593 (or any other specifically configured RPC port). You should filter the above mentioned ports at the firewall level and not allow RPC over an unsecure network, such as the Internet. |
| 1338 |
tcp |
|
Premium scan |
Millenium Worm, affects Unix/Linux. |
| 511 |
tcp |
|
Premium scan |
Part of rootkit t0rn, a program called "leeto's socket daemon" runs at this port. |
| 0 |
tcp,udp |
|
not scanned |
This port is technically illegal, but possible. It is often used to fingerprint machines, because different operating systems respond to this port in different ways. |
| 3872 |
tcp |
|
not scanned |
Oracle Management Remote Agent |
| 1526 |
tcp |
|
not scanned |
Oracle database common alternative for listener |
| 7308 |
tcp |
|
Premium scan |
NetMonitor trojan (a.k.a. NetSpy, NTMonitor, BackDoor-E.srv., Backdoor.Netspy, Backdoor.NetMonitor) |
| 28 |
tcp |
|
Premium scan |
AltaVista Firewall97 accepts connections on ports 26,27,28 and 29, this can be used to fingerprint the type of firewall in use.
Amanda trojan uses port 28/tcp. |
| 6180 |
tcp |
|
Premium scan |
Common Port for phishing scam sites |
| 41014 |
tcp |
|
not scanned |
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
References: [CVE-2012-2607] |
| 61460 |
tcp |
|
not scanned |
An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382.
References: [CVE-2012-3074] |
| 5492 |
tcp,udp |
|
not scanned |
Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492.
References: [CVE-2005-4152] [BID-15775] [SECUNIA-17966] |
| 9833 |
udp |
|
not scanned |
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.
References: [CVE-2002-0949] [BID-4946] |
| 9099 |
tcp |
|
not scanned |
HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.
References: [CVE-1999-1062] |
| 15998 |
udp |
2ping |
not scanned |
IANA registered for: 2ping Bi-Directional Ping Service |
| 48049 |
tcp,udp |
3gpp |
not scanned |
3GPP Cell Broadcast Service Protocol |
| 8550 |
tcp,udp |
4psa |
not scanned |
Primary/Master 4PSA DNS Manager server - http://www.4psa.com/
Port is used for master/slave connection between servers, also uses ports 53 and 953 tcp/udp. |
| 1027 |
udp |
6a44 |
not scanned |
IPv6 Behind NAT44 CPEs [IESG] (IANA official) [RFC6751] |
| 4598 |
tcp,udp |
a16-an-an |
not scanned |
A16 (AN-AN) |
| 4599 |
tcp,udp |
a17-an-an |
not scanned |
A17 (AN-AN) |
| 4502 |
sctp |
a25-fap-fgw |
not scanned |
A25 (FAP-FGW) [ThreeGPP2] (IANA official) |
| 28119 |
udp |
a27-ran-ran |
not scanned |
A27 cdma2000 RAN Management [ThreeGPP2] (IANA official) |
| 674 |
tcp |
ACAP |
Premium scan |
ACAP -- Application Configuration Access Protocol
References: RFC2244, RFC2595, RFC2636 |
| 6868 |
udp |
acctopus-st |
not scanned |
Acctopus Status |
| 6969 |
tcp |
acmsoda |
Members scan |
Backdoor.Assasin.D trojan - opens a backdoor on one of the following ports: 5695,6595,6969,27589. Backdoor.Assasin opens port 27589, Backdoor.Assasin.B opens port 6969, Backdoor.Assasin.C opens port 6595, and Backdoor.Assasin.D opens port 5695 to listen for commands from the attacker.
Other trojans that use this port: GateCrasher, IRC 3/IRC Hack, Net Controller, Priority, Danton, 2000Cracks |
| 3823 |
tcp,udp |
acp-conduit |
not scanned |
Compute Pool Conduit |
| 3822 |
tcp,udp |
acp-discovery |
not scanned |
Compute Pool Discovery |
| 3824 |
tcp,udp |
acp-policy |
not scanned |
Compute Pool Policy |
| 7509 |
tcp |
acplt |
not scanned |
IANA registered for: ACPLT - process automation service |
| 5103 |
tcp |
actifio-c2c |
not scanned |
IANA registered for: Actifio C2C |
| 61616 |
tcp,udp |
activemq |
not scanned |
Apache ActiveMQ, Java Message Service (JMS) |
| 64320 |
tcp,udp |
activepdf |
not scanned |
Port used by ActivePDF software - automates PDF generation process from different sources, such as a website
ActivePDF WebGrabber - port 64320
ActivePDF Server - port 53535
ActivePDF DocConverter - port 53540 and port 53541 |
| 53535,53540,53541 |
tcp,udp |
activepdf |
not scanned |
Port used by ActivePDF software - automates PDF generation process from different sources, such as a website
ActivePDF WebGrabber - port 64320
ActivePDF Server - port 53535
ActivePDF DocConverter - port 53540 and port 53541 |
| 6350 |
tcp,udp |
adap |
not scanned |
App Discovery and Access Protocol |
| 34570 |
udp |
adaptec |
not scanned |
Adaptec Storage Manager |
| 7508 |
tcp |
adcp |
not scanned |
Automation Device Configuration Protocol [Festo AG] (IANA official) |
| 8800 |
tcp |
address book |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later) |
| 8843 |
tcp |
address book |
not scanned |
Apple Address Book (Mac OS X Server v10.6 and later) |
| 7935 |
tcp |
adobe |
not scanned |
Fixed port used for Adobe Flash Debug Player to communicate with a debugger (Flash IDE, Flex Builder or fdb). |
| 3703 |
tcp,udp |
adobeserver-3 |
not scanned |
Adobe Server 3 |
| 3704 |
tcp,udp |
adobeserver-4 |
not scanned |
Adobe Server 4 |
| 3705 |
tcp,udp |
adobeserver-5 |
not scanned |
Adobe Server 5 |
| 5913 |
tcp,udp,sctp |
ads-c |
not scanned |
Automatic Dependent Surveillance [Eivan_Cerasi] (IANA official) |
| 8060 |
udp |
aero |
not scanned |
Asymmetric Extended Route Optimization (AERO) [IESG] [RFC6706] (IANA official) |
| 7107 |
udp |
aes-x170 |
not scanned |
IANA registered for: AES-X170 |
| 8202 |
udp |
aesop |
not scanned |
Audio+Ethernet Standard Open Protocol [POWERSOFT SRL] (IANA official) |
| 4362 |
udp |
afore-vdp-disc |
not scanned |
IANA registered for: AFORE vNode Discovery protocol |
| 548 |
tcp |
afpovertcp |
not scanned |
AppleShare, Personal File Sharing, Apple File Service
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
References: [CVE-2008-0759], [BID-27718] |
| 7000 |
tcp |
afs-fileserver |
Members scan |
afs fileserver
Command and Conquer Renegade and Rumble Fighter (TCP/UDP) also use this port.
W32.Gaobot.BQJ (11.08.2004) - network-aware worm taht opens a backdoor and can be controlled via IRC. It can affect all current Windows versions. Connects to an IRC server on port 7000/tcp.
W32.Mydoom.BQ@mm (05.11.2005) - mass-mailing worm with backdoor capabilities, that uses its own SMTP engine. It communicates with an IRC server and listens for remote commands on port 7000/tcp.
W32.Mytob.GC@mm (06.30.2005) - mass-mailing worm that opens a backdoor on port 7000/tcp.
Some older trojan horses/backdoors that also use this port: Exploit Translation Server, Kazimas, Remote Grab, SubSeven
The game Aliens vs Predator 2 uses ports 7000-10000 (TCP) |
| 7001 |
tcp,udp |
afs3-callback |
Premium scan |
Callback To Cache Manager, MSN Messenger
Command and Conquer Renegade also uses this port (TCP).
Trojans that use this port: Freak2k, Freak88, NetSnooper Gold. |
| 7006 |
tcp,udp |
afs3-errors |
not scanned |
Error interpretation service, BMC Software CONTROL-M/Server and CONTROL-M/AgentServer-to-Agent, City of Heroes, City of Villains, RealAudio |
| 7004 |
tcp,udp |
afs3-kaserver |
not scanned |
AFS/Kerberos authentication service, City of Heroes, City of Villains, RealAudio |
| 7002 |
tcp,udp |
afs3-pserver |
not scanned |
users & groups database
Command and Conquer Renegade also uses this port (TCP). |
| 7003 |
tcp,udp |
afs3-vlserver |
not scanned |
Volume location database, City of Heroes, City of Villains, RealAudio |
| 7005 |
tcp,udp |
afs3-volser |
not scanned |
Volume managment server, City of Heroes, City of Villains, RealAudio, BMC Control-M/Server, BMC Control-M/Agent, Oracle HTTP |
| 5190 |
tcp,udp |
aim |
Members scan |
ICQ, AIM (AOL Instant Messenger), Apple iChat
Malicious services using this port: MBomber, W32.hllw.anig
AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user.
References: [CVE-2002-0592], [BID-4574]
Trojan.Kalshi (2003.10.10) - a trojan program that is designed to allow spammers to anonymously send email spam via a compromised system. The trojan may install a rootkit (MCID 1300) to obscure its activities.
W32.HLLW.Anig (2004.01.28) - a worm that propagates over network shares. The worm also contains a keylogger and backdoor component. |
| 5191 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
| 5192 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
| 5193 |
tcp,udp |
aim |
not scanned |
ICQ, AIM (AOL Instant Messenger) |
| 4804 |
udp |
aja-ntv4-disc |
not scanned |
AJA ntv4 Video System Discovery |
| 8007 |
tcp |
ajp12 |
not scanned |
Apache JServ Protocol v12
Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
References: [CVE-2005-0808], [BID-12795] |
| 16003 |
udp |
alfin |
not scanned |
IANA registered for: Automation and Control by REGULACE.ORG |
| 9956 |
udp |
alljoyn |
not scanned |
Alljoyn Name Service [Qualcomm Innovation Center] (IANA official) |
| 9955 |
udp |
alljoyn-mcm |
not scanned |
Contact Port for AllJoyn multiplexed constrained messages [Qualcomm Innovation Center] (IANA official) |
| 9955 |
tcp |
alljoyn-stm |
not scanned |
Contact Port for AllJoyn standard messaging [Qualcomm Innovation Center] (IANA official) |
| 35355 |
tcp |
altova-lm |
not scanned |
Altova License Management |
| 35355 |
udp |
altova-lm-disc |
not scanned |
Altova License Management Discovery |
| 5506 |
tcp,udp |
amc |
not scanned |
Amcom Mobile Connect |
| 8766 |
tcp,udp |
amcs |
not scanned |
Agilent Connectivity Service - Agilent Technologies Inc (IANA official)
Breach game (UDP) |
| 8040 |
tcp,udp |
ampify |
not scanned |
Ampify Messaging Protocol
ScreenConnect uses port 8040 (TCP) |
| 5195 |
tcp |
ampl-lic |
not scanned |
The protocol is used by a license server and client programs to control use of program licenses that float to networked machines [AMPL Optimization] (IANA official) |
| 5196 |
tcp |
ampl-tableproxy |
not scanned |
The protocol is used by two programs that exchange "table" data used in the AMPL modeling language [AMPL Optimization] (IANA official) |
| 5672 |
tcp,udp,sctp |
amqp |
not scanned |
Advanced Message Queueing Protocol, see http://www.amqp.org
Also used by: MOHAA Reverend |
| 4712 |
tcp |
amule |
not scanned |
aMule internal connection port - used to communicate aMule with other applications such as aMule WebServer or aMuleCMD. |
| 2929 |
tcp |
amx-webadmin |
Premium scan |
Trojans using this port: Konik
IANA registered for: AMX-WEBADMIN (PANJA-WEBADMIN) |
| 2930 |
tcp,udp |
amx-weblinx |
not scanned |
PANJA-WEBLINX
IANA registered for: AMX-WEBLINX |
| 6588 |
tcp |
analogx |
Premium scan |
Port used by AnalogX proxy server. Common web proxy server ports: 8080, 80, 3128, 6588
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request to TCP port 6588 or a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
References: [CVE-2002-1001] [BID-5139]
Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588.
References: [CVE-2003-0410] [BID-7681] |
| 5228 |
tcp,udp |
android |
not scanned |
Port 5228 is used by the Google Playstore (Android market). Google talk also uses ports 443 and 5222. |
| 3338 |
tcp,udp |
anet-b |
not scanned |
OMF data b |
| 3341 |
tcp,udp |
anet-h |
not scanned |
OMF data h |
| 3339 |
tcp,udp |
anet-l |
not scanned |
OMF data l |
| 3340 |
tcp,udp |
anet-m |
not scanned |
OMF data m |
| 47806 |
tcp,udp |
ap |
not scanned |
ALC Protocol |
| 2160 |
tcp,udp |
apc-2160 |
not scanned |
APC 2160 |
| 2161 |
tcp,udp |
apc-2161 |
not scanned |
APC 2161 |
| 5455 |
tcp,udp |
apc-5455 |
not scanned |
APC 5455 [American Power Conve] (IANA official) |
| 5456 |
tcp,udp |
apc-5456 |
not scanned |
APC 5455 [American Power Conve] (IANA official) |
| 6547 |
tcp,udp |
apc-6547 |
not scanned |
APC 6547 [American Power Conversion] (IANA official) |
| 6548 |
tcp,udp |
apc-6548 |
not scanned |
APC 6548 [American Power Conversion] (IANA official) |
| 6549 |
tcp,udp |
apc-6549 |
not scanned |
APC 6549 [American Power Conversion] (IANA official) |
| 7846 |
tcp,udp |
apc-7846 |
not scanned |
APC 7846 [American Power Conversion] (IANA official) |
| 912 |
tcp |
apex |
Members scan |
Port assigned to the APEX (Application Exchange Core) protocol. It is an XML-based protocol designed for sending instant messages based on the Blocks Extensible Exchange Protocol (BEEP).
APEX also uses TCP port 913 as its endpoint-relay service. The APEX protocol has been replaced by the SIP, SIMPLE and XMPP protocols. Port 912 is used primarily to receive and send messages that are originated via the end-points located in port 913. Information sent and received via port 912 includes the endpoint that created it, a URI reference point, the endpoints that will receive it and other options. |
| 8088 |
tcp |
apple |
not scanned |
Software update (Mac OS X Server v10.4 and later) |
| 513 |
udp |
applications |
not scanned |
Multiple buffer overflows in the Syslog server in ManageEngine EventLog Analyzer 6.1 allow remote attackers to cause a denial of service (SysEvttCol.exe process crash) or possibly execute arbitrary code via a long Syslog PRI message header to UDP port 513 or 514.
References: [CVE-2010-4840] |
| 1101 |
tcp |
applications |
not scanned |
ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212.
References: [CVE-2011-4534], [BID-51897]
Backdoor.Hatckel - a backdoor Trojan that gives an attacker unauthorized access to an infected computer. By default it opens 15 ports on the infected computer: 1101 to 1115. Backdoor.Hatckel is written in Visual Basic. |
| 4592 |
tcp |
applications |
not scanned |
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
References: [CVE-2011-4041], [BID-47008] |
| 20101 |
tcp |
applications |
not scanned |
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
References: [CVE-2011-5001], [BID-50965] |
| 12401 |
tcp |
applications |
not scanned |
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
References: [CVE-2011-4050] [BID-51146]
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
References: [CVE-2012-0231]
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
References: [CVE-2011-1567] [BID-46936] [SECUNIA-43849] |
| 50777 |
tcp |
applications |
not scanned |
zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240.
References: [CVE-2011-4533], [BID-51897] |
| 14690 |
tcp,udp |
applications |
not scanned |
Port used by BitKeeper.
14690/udp is also used by Battlefield 1942. |
