The Broadband Guide
SG
search advanced

Port 25 Details


known port assignments and vulnerabilities
threat/application/port search:
 search
Port(s) Protocol Service Details Source
25 tcp SMTP SMTP (Simple Mail Transfer Protocol). Many worms contain their own SMTP engine and use it to propagate by mass-mailing the payload, often also spoofing the "From: ..." field in emails. If you are not running a mail server that you're aware of, there is a possibility your system is infected.

Integer overflow in Apple Safari [CVE-2010-1099], Arora [CVE-2010-1100], Alexander Clauss iCab [CVE-2010-1101], OmniWeb [CVE-2010-1102], Stainless [CVE-2010-1103] allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

List of some trojan horses/backdoors that use this port: Ajan, Antigen, Barok, Email Password Sender - EPS, EPS II, Gip, Gris, Happy99, Hpteam mail, Hybris, I love you, Kuang2, Magic Horse, MBT (Mail Bombing Trojan), Moscow Email trojan, Naebi, NewApt worm, ProMail trojan, Shtirlitz, Stealth, Tapiras, Terminator, WinPC, WinSpy, Aji, Email Worms, Haebu Coceda, Loveletter, Neabi, Shtrilitz.
W32.Sober.I@mm [Symantec-2004-111900-1451-99] (2004.11.19) - mass-mailing worm that uses its own SMTP engine. Affects all current Windows versions. Checks network connectivity by contacting a NTP server on port 37/tcp.
Trojan.Mitglieder.R [Symantec-2005-070117-2559-99] (2005.07.01) - trojan with backdoor capabilities. It runs a SOCKS4 proxy server and periodically contacts websites with information about the compromised computer. Attempts to open a back door on port 9040/tcp. Might also initiate a SMTP spam relay server on port 25/tcp.
W32.Beagle.CX@mm [Symantec-2005-121511-1751-99] (2005.12.15) - mass-mailing worm that uses its own SMTP engine to spread Trojan.Lodear.E [Symantec-2005-110111-3344-99]. Also opens a backdoor on port 80/tcp and lowers security settings on the compromised computer.
Backdoor.Rustock [Symantec-2006-060111-5747-99] (2006.06.01) - backdoor program that allows the compromised computer to be used as a proxy, uses rootkit techniques to hide its files and registry entries.

NJStar Communicator is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MiniSMTP server when processing packets. By sending a specially-crafted request to TCP port 25, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2011-4040], [XFDB-71086], [BID-50452]

Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-00176 can use cleartext SMTP on port 25 in some cases where encryption on port 465 was intended.
References: [CVE-2021-43270]

Trojan.Win32.Barjac / Remote Stack Buffer Overflow - Trojan.Win32.Barjac makes SMTP connection to Port 25, upon processing the server response we control, we overwrite instruction pointer (EIP), undermining the integrity of the trojan.
References: [MVID-2021-0011]
SG
25 udp games Final Fantasy XI SG
25 tcp Simple Mail Transfer Protocol (SMTP) - used for e-mail routing between mail servers (official) Wikipedia
25 tcp trojan Antigen, Barok, BSE, Email Password Sender , Gip, Laocoon, Magic Horse, MBT , Moscow Email trojan, Nimda, Shtirlitz, Stukach, Tapiras, WinPC Trojans
25 tcp,udp applications SMTP Portforward
25 tcp Ajan [trojan] Ajan Neophasis
25 tcp Antigen [trojan] Antigen Neophasis
25 tcp Barok [trojan] Barok Neophasis
25 tcp BSE [trojan] BSE Neophasis
25 tcp EmailPasswordSender [trojan] Email Password Sender - EPS Neophasis
25 tcp EPSII [trojan] EPS II Neophasis
25 tcp Gip [trojan] Gip Neophasis
25 tcp Gris [trojan] Gris Neophasis
25 tcp Happy99 [trojan] Happy99 Neophasis
25 tcp Hpteammail [trojan] Hpteam mail Neophasis
25 tcp Hybris [trojan] Hybris Neophasis
25 tcp Iloveyou [trojan] I love you Neophasis
25 tcp Kuang2 [trojan] Kuang2 Neophasis
25 tcp MagicHorse [trojan] Magic Horse Neophasis
25 tcp MBTMailBombingTrojan [trojan] MBT (Mail Bombing Trojan) Neophasis
25 tcp MBT [trojan] MBT (Mail Bombing Trojan) Neophasis
25 tcp MoscowEmailtrojan [trojan] Moscow Email trojan Neophasis
25 tcp Naebi [trojan] Naebi Neophasis
25 tcp NewAptworm [trojan] NewApt worm Neophasis
25 tcp ProMailtrojan [trojan] ProMail trojan Neophasis
25 tcp Shtirlitz [trojan] Shtirlitz Neophasis
25 tcp Stealth [trojan] Stealth Neophasis
25 tcp Stukach [trojan] Stukach Neophasis
25 tcp Tapiras [trojan] Tapiras Neophasis
25 tcp Terminator [trojan] Terminator Neophasis
25 tcp WinPC [trojan] WinPC Neophasis
25 tcp WinSpy [trojan] WinSpy Neophasis
25 tcp threat Ajan Bekkoame
25 tcp threat Antigen Bekkoame
25 tcp threat Bancos Bekkoame
25 tcp threat Barok Bekkoame
25 tcp threat Chimo Bekkoame
25 tcp threat Email Password Sender - EPS Bekkoame
25 tcp threat EPS II Bekkoame
25 tcp threat Gip Bekkoame
25 tcp threat Gris Bekkoame
25 tcp threat Happy99 Bekkoame
25 tcp threat Hpteam mail Bekkoame
25 tcp threat Hybris Bekkoame
25 tcp threat I love you Bekkoame
25 tcp threat Kuang2 Bekkoame
25 tcp threat Magic Horse Bekkoame
25 tcp threat MBT (Mail Bombing Trojan) Bekkoame
25 tcp threat Mitglieder Bekkoame
25 tcp threat Moscow Email trojan Bekkoame
25 tcp threat Naebi Bekkoame
25 tcp threat NewApt worm Bekkoame
25 tcp threat ProMail trojan Bekkoame
25 tcp threat Rustock Bekkoame
25 tcp threat Shtirlitz Bekkoame
25 tcp threat Stealth Bekkoame
25 tcp threat Tapiras Bekkoame
25 tcp threat Terminator Bekkoame
25 tcp threat W32.Beagle Bekkoame
25 tcp threat W32.HLLP.Sality Bekkoame
25 tcp threat WinPC Bekkoame
25 tcp threat WinSpy Bekkoame
25 tcp,udp smtp Simple Mail Transfer [RFC5321] , modified: 2017-06-05 IANA
63 records found
jump to:
 go
previous next

Related ports: 26  110  143  125  465  2525  110  443  

« back to SG Ports


External Resources
SANS ISC: port 25

Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 25.
  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About