Shortcuts
|
Port 9000 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
9000 |
tcp |
trojans |
Buffalo LinkSystem Web access (unofficial), DBGp, SqueezeCenter web server & streaming, Play! Framework web server
Cisco WebEx
ManageEngine AssetExplorer (IT asset management software) uses port 9000 TCP by default
MIS Comunicator Sysdev MSS (Mobile Sales System) default port
SonarQube Web Server uses port 9000
Emidate
Games that use this port:
EverQuest World server
Dungeons & Dragons Online uses ports 9000-9010 (TCP/UDP)
Lord of the Rings Online uses ports 9000-9010
W32.Randex.CZZ [Symantec-2005-031510-5713-99] (2005.03.15) - network aware worm that attempts to connect to an IRC server on port 9000/tcp for remote instructions.
W32.Mytob.GK@mm [Symantec-2005-062814-3052-99] (2005.06.28) - mass-mailing worm that opens a backdoor on port 9000/tcp.
Netministrator trojan uses port 9000.
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.
References: [CVE-2001-0585] [BID-2494]
Multiple KWORLD products could allow a remote attacker to bypass security restrictions, caused by the failure to validate communications on port 9000. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
References: [XFDB-101454]
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000.
References: [CVE-2015-8286]
Astoria ARV7510 could allow a remote attacker to gain unauthorized access to the system. By connecting to the 9000 port on the vulnerable device, a remote attacker could exploit this vulnerability to view, modify, delete and upload new files to the USB storage device.
References: [XFDB-104630]
Huawei HG553 could allow a remote attacker to gain unauthorized access to the system. By connecting to the 9000 port on the vulnerable device, a remote attacker could exploit this vulnerability to view, modify, delete and upload new files to the USB storage device.
References: [XFDB-104618]
Observa Telecom VH4032N could allow a remote attacker to gain unauthorized access to the system. By connecting to the 9000 port on the vulnerable device, a remote attacker could exploit this vulnerability to view, modify, delete and upload new files to the USB storage device.
References: [XFDB-104554]
Huawei HG556a could allow a remote attacker to gain unauthorized access to the system. By connecting to the 9000 port on the vulnerable device, a remote attacker could exploit this vulnerability to view, modify, delete and upload new files to the USB storage device.
References: [XFDB-104624]
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
References: [CVE-2018-17440], [EDB-45533]
WonderCMS is vulnerable to SSRF Vulnerability. In order to exploit the vulnerability, an attacker must have a valid authenticated session on the CMS. The theme/plugin installer does not sanitize the destination of github/gitlab url, so attacker can point the destination to localhost. When the attacker points the request to localhost, this leads to SSRF vulnerability. The highest impact leads to RCE with gopher scheme and FastCGI running on port 9000.
References: [EDB-49154]
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed (due to authtoken validation), the Asset Explorer agent will reach out to the manage engine server for an HTTP request. During this process, AEAgent.cpp allocates 0x66 bytes using "malloc". This memory is never free-ed in the program, causing a memory leak. Additionally, the instruction sent to aeagent (ie: NEWSCAN, DELTASCAN, etc) is converted to a unicode string, but is never freed. These memory leaks allow a remote attacker to exploit a Denial of Service scenario through repetitively sending these commands to an agent and eventually crashing it the agent due to an out-of-memory condition.
References: [CVE-2021-20108]
Otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.
References: [CVE-2021-40376]
Trojan.Win32.Delf.bna / Information Disclosure - the malware listens on TCP port 9000 and has the option to set a password in "Config.ini". Third party attackers who can reach an infected system can view the password in the response, as the malware leaks it upon connecting.
References: [MVID-2021-0385]
Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
References: [CVE-2023-23452], [CVE-2023-23453], [XFDB-248005], [XFDB-248006] |
SG
|
9000 |
udp |
games |
Asheron's Call
Zmodo DK4001, UDPCast |
SG
|
9000 |
tcp |
|
Buffalo LinkSystem Web access (unofficial) |
Wikipedia
|
9000 |
tcp |
|
DBGp (unofficial) |
Wikipedia
|
9000 |
tcp |
|
SqueezeCenter web server & streaming (unofficial) |
Wikipedia
|
9000 |
udp |
|
UDPCast (unofficial) |
Wikipedia
|
9000 |
tcp |
trojan |
[trojan] Netministrator |
Trojans
|
9000 |
tcp |
Netministrator |
[trojan] Netministrator |
SANS
|
5060,9000-9015 |
udp |
applications |
3CX |
Portforward
|
9000-9001, 9004-9005, 9012-9013 |
udp |
applications |
Asherons Call |
Portforward
|
2900-2910,9000-9010 |
udp |
applications |
Dungeons + Dragons Online |
Portforward
|
9000-9001,9010 |
tcp |
applications |
JetCast |
Portforward
|
2900-2910,9000-9010 |
udp |
applications |
Lord of the Rings Online |
Portforward
|
6073,6500,9000 |
tcp |
applications |
Railroad Tycoon III |
Portforward
|
9000 |
udp |
applications |
SightSpeed |
Portforward
|
9000 |
tcp,udp |
applications |
Tamago |
Portforward
|
9000 |
tcp |
|
AltaVista HTTP Server - may be an attempt to compromise an AltaVista HTTP (web) server. |
Bekkoame
|
9000 |
tcp |
threat |
Sendmail Switch SDAP Sendmail's "Switch" protocol listens on this TCP port. It also listens on port 8890. |
Bekkoame
|
9000 |
tcp |
threat |
W32.Esbot |
Bekkoame
|
9000 |
tcp |
threat |
W32.Mytob |
Bekkoame
|
9000 |
tcp |
threat |
W32.Randex |
Bekkoame
|
9000 |
udp |
threat |
Asheron's Call This port is used in Microsoft's massively-multiplayer game called "Asheron's Call". The game can continue to contact the player even after the player has logged out. |
Bekkoame
|
9000 |
tcp,udp |
cslistener |
CSlistener |
IANA
|
|
23 records found
|
jump to:
|
Related ports: 23 8890 9001 9002 9010 9001 9004 9005 9008 9012 9013
« back to SG Ports
External Resources
SANS ISC: port 9000
Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify
a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly
used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.
TCP ports use the Transmission Control Protocol, the most commonly used protocol
on the Internet and any TCP/IP network. TCP enables two hosts
to establish a connection and exchange streams of data. TCP guarantees delivery of data
and that packets will be delivered in the same order in which they were sent.
Guaranteed communication/delivery is the key difference between TCP and UDP.
UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol)
and facilitates the transmission of datagrams from one computer to applications on another computer,
but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received
the message to process any errors and verify correct delivery. UDP is often used with time-sensitive
applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.
When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them.
This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command.
We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software.
For more detailed and personalized help please use our forums.
Please use the "Add Comment" button below to provide additional information or comments about port 9000.
|
|
|
|