
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis; however, if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
Port(s) |
Protocol |
Service |
Scan level |
Description |
2664 |
tcp,udp |
patrol-mq-gm |
not scanned |
Patrol for MQ GM |
2665 |
tcp,udp |
patrol-mq-nm |
not scanned |
Patrol for MQ NM |
2677 |
tcp,udp |
gadgetgate1way |
not scanned |
Gadget Gate 1 Way |
2678 |
tcp,udp |
gadgetgate2way |
not scanned |
Gadget Gate 2 Way |
2696 |
tcp,udp |
unifyadmin |
not scanned |
Unify Admin [Daegis_Inc] (IANA official) |
2698 |
tcp,udp |
mck-ivpip |
not scanned |
Citel
IANA registered for: MCK-IVPIP |
2699 |
tcp |
trojans |
not scanned |
Backdoor.Jittar [Symantec-2003-100316-2418-99] (2003.10.03) - a backdoor trojan horse that gives its creator remote access to and complete control over a compromised system. By default it uses ports 1309 and 2699 to listen for commands from the trojan's creator. The existence of the file dm_mgr.exe or linxup.exe is an indication of a possible infection.
Port is also IANA registered for Csoft Plus Client |
2700 |
tcp |
trojans |
not scanned |
KnowShowGo P2P
Backdoor.actx [Symantec-2002-052316-2753-99] (2002.05.23) - a Backdoor.Trojan which can allow unauthorized access to your computer.
Port is also IANA registered for tqdata |
2701 |
tcp |
sccm |
not scanned |
Microsoft System Center Configuration Manager (SCCM) remote control uses TCP ports 2701 and 2702.
SMS RCINFO (IANA official) |
2702 |
tcp |
trojan |
Premium scan |
Microsoft System Center Configuration Manager (SCCM) remote control uses TCP ports 2701 and 2702.
Black Diver
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
References: [CVE-2004-0728] |
2703 |
tcp,udp |
sms-chat |
not scanned |
SMS CHAT (IANA official)
Vipul's Razor distributed, collaborative, spam-detection-and-filtering network uses port 2703 (TCP). |
2705 |
tcp,udp |
applications |
not scanned |
LapLink Sharedirect |
2707 |
tcp |
trojans |
Premium scan |
Backdoor.Bigfoot [Symantec-2003-050116-1402-99] (2003.05.01) - a backdoor trojan that allows a hacker to remotely control your computer. By default this trojan opens port 2707 for listening.
Port is also IANA registered for EMCSYMAPIPORT |
2710 |
tcp,udp |
sso-service |
not scanned |
XBT Tracker (TCP), XBT Tracker experimental UDP tracker extension (UDP), Knuddels.de
IANA registered for: SSO Service |
2716 |
tcp |
trojan |
Premium scan |
The Prayer |
2717 |
tcp,udp |
pn-requester |
not scanned |
PN REQUESTER |
2718 |
tcp,udp |
pn-requester2 |
not scanned |
PN REQUESTER 2
The Prayer 2 trojan horse also uses port 2718 (TCP). |
2721 |
tcp |
trojan |
Premium scan |
Phase Zero |
2723 |
tcp,udp |
watchdog-nt |
not scanned |
IANA registered for: WatchDog NT Protocol |
2727 |
tcp,udp |
mgcp-callagent |
not scanned |
Media Gateway Control Protocol Call Agent
ShoreTel IP Telephony system uses the following ports:
2427 UDP - IP phones listening port
2727 UDP - switches listening port
5004 UDP - voice packets
5440 TCP - HTTP CSIS, 5440 UDP - Location Service Protocol
5441 UDP - ShoreSIP
5442, 5446 UDP - DRS
5443, 5444, 5445 UDP - Bandwidth Reservation Protocol
5447, 5449, 5469 TCP - CAS & web proxy
5555 TCP - Shoreline diagnostic port (ipbxctl -diag) |
2735 |
tcp,udp |
netiq-mc |
not scanned |
IANA registered for: NetIQ Monitor Console |
2741 |
tcp,udp |
tsb |
not scanned |
TSB |
2742 |
tcp,udp |
tsb2 |
not scanned |
TSB2 |
2745 |
tcp |
trojans |
Members scan |
Beagle.C [Symantec-2004-022715-1724-99] (2004.02.28) through Beagle.K [Symantec-2004-030312-0201-99] (2004.03.03) - mass mailing worms that use their own SMTP engine and open a backdoor on port 2745. They spread through email and file-sharing networks. |
2746 |
tcp,udp |
checkpoint |
not scanned |
Check Point VPN-1 SecuRemote IPSEC Transport Encapsulation Protocol
Check Point ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration
Port is IANA registered for: CPUDPENCAP |
2747 |
tcp,udp |
fjippol-swrly |
not scanned |
fjippol-swrly |
2748 |
tcp,udp |
fjippol-polsvr |
not scanned |
The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x and 6.x allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748.
References: [CVE-2008-2061], [BID-29933]
Port is also IANA registered for fjippol-polsvr. |
2749 |
tcp,udp |
fjippol-cnsl |
not scanned |
fjippol-cnsl |
2766 |
tcp |
trojan |
Premium scan |
W32.HLLW.Deadhat [Symantec-2004-020619-0805-99] (2004.02.06) - a worm with backdoor capabilities. It attempts to uninstall the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms, and then it spreads to other systems infected with Mydoom. Also, it spreads through the Soulseek file-sharing program.
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (a.k.a. System V listener) port, TCP port 2766.
References: [CVE-1999-1588], [BID-2319] |
2766 |
udp |
games |
not scanned |
Tachyon - The Fringe |
2772 |
tcp |
trojan |
Premium scan |
Backdoor.SubSeven [Symantec-2001-020114-5445-99] |
2773 |
tcp |
trojans |
Premium scan |
Trojans: SubSeven, SubSeven 2.1 Gold, BackDoor-G
RBackup Remote Backup (IANA official) |
2774 |
tcp |
trojans |
Premium scan |
Trojans: SubSeven, SubSeven 2.1 Gold
Ports are also IANA registered for: RBackup Remote Backup |
2776 |
tcp,udp |
ridgeway1 |
not scanned |
Ridgeway Systems & Software |
2777 |
tcp,udp |
ridgeway2 |
not scanned |
Ridgeway Systems & Software |
2779 |
tcp,udp |
lbc-sync |
not scanned |
LBC Sync |
2780 |
tcp,udp |
lbc-control |
not scanned |
LBC Control |
2784 |
tcp |
trojans |
Members scan |
Backdoor.Sdbot.AO [Symantec-2005-013016-4636-99] (2005.01.30) - worm with backdoor capabilities. Gives remote access to the compromised PC, via IRC channels on port 2784. |
2794 |
tcp,udp |
urp |
not scanned |
Uniform Resource Platform (IANA official) |
2800 |
tcp |
trojan |
Premium scan |
Theef |
2801 |
tcp |
trojan |
Premium scan |
Phineas Phucker trojan |
2801 |
udp |
games |
not scanned |
The Guild 2 |
2809 |
tcp,udp |
corbaloc |
not scanned |
IBM WebSphere Application Server (WAS) Bootstrap/rmi default (TCP)
IANA registered for: CORBA LOC |
2810 |
udp |
applications |
not scanned |
HP Intelligent Management Center (IMC) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the dbman.exe component. By sending a specially-crafted packet to UDP port 2810, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.
References: [CVE-2011-1850], [BID-47789] |
2811 |
tcp,udp |
gsiftp |
not scanned |
IANA registered for: GSI FTP |
2812 |
tcp |
monit |
not scanned |
Monit is a utility for monitoring and managing server processes - it runs its own web server on port 2812/tcp |
2813 |
tcp,udp |
llm-pass |
not scanned |
llm-pass |
2814 |
tcp,udp |
llm-csv |
not scanned |
llm-csv |
2815 |
tcp,udp |
lbc-measure |
not scanned |
LBC Measurement |
2816 |
tcp,udp |
lbc-watchdog |
not scanned |
The Guild 2, Microsoft Robotics - Visual Simulation Environment
IANA registered for: LBC Watchdog |
2817 |
tcp |
trojans |
Premium scan |
W32.Mytob.FI@mm [Symantec-2005-061710-5807-99] (2005.06.17) - mass-mailing worm that opens a backdoor and listens for remote commands on port 2817/tcp. |
2821 |
tcp,udp |
veritas |
not scanned |
Port used by Veritas PBX (Private Branch Exchange) Service
Veritas uses the following ports:
1556 - Veritas PBX Service
2821 - VxSS Authentication Service
4032 - VxSS Authorization Service
13724 - Veritas NetBackup Network Service
13783 - nbatd
13722 - nbazd |
2823 |
tcp,udp |
cqg-netlan |
not scanned |
CQG Net/LAN |
2824 |
tcp,udp |
cqg-netlan-1 |
not scanned |
CQG Net/LAN 1 |
2827 |
tcp,udp |
slc-ctrlrloops |
not scanned |
I2P Basic Open Bridge API (TCP)
IANA registered for: slc ctrlrloops |
2832 |
tcp,udp |
silkp4 |
not scanned |
Media Streaming, Live Blogging Sametime 751 (peer-to-peer video feed), FlashFXP
IANA registered for: silkp4 |
2834 |
tcp,udp |
evtp |
not scanned |
EVTP |
2835 |
tcp,udp |
evtp-data |
not scanned |
EVTP-DATA |
2844 |
tcp,udp |
bpcp-poll |
not scanned |
BPCP POLL |
2845 |
tcp,udp |
bpcp-trap |
not scanned |
BPCP TRAP |
2860 |
tcp,udp |
dialpad-voice1 |
not scanned |
Dialpad Voice 1 |
2861 |
tcp,udp |
dialpad-voice2 |
not scanned |
Dialpad Voice 2 |
2864 |
tcp,udp |
astronova-main |
not scanned |
IANA registered for: main 5001 cmd |
2868 |
tcp,udp |
npep-messaging |
not scanned |
IANA registered for: Norman Proprietary Events Protocol |
2869 |
tcp,udp |
icslap |
Members scan |
Microsoft Internet Connection Firewall (ICF), Internet Connection Sharing (ICS), SSDP Discovery Service, Microsoft Universal Plug and Play (UPnP), Microsoft Event Notification
IANA registered for: ICSLAP |
2872 |
tcp,udp |
radix |
not scanned |
RADIX [Stein_Roger_Skaflott] (IANA official) |
2873 |
tcp,udp |
psrt |
not scanned |
PubSub Realtime Telemetry Protocol (IANA official) |
2874 |
tcp,udp |
dxmessagebase1 |
not scanned |
DX Message Base Transport Protocol |
2875 |
tcp,udp |
dxmessagebase2 |
not scanned |
DX Message Base Transport Protocol |
2890 |
tcp |
games |
not scanned |
Neverwinter Nights |
2900 |
tcp,udp |
games |
not scanned |
Dungeons & Dragons Online uses ports 2900-2910 |
2904 |
tcp,udp,sctp |
m2ua |
not scanned |
Trojan-Dropper.Win32.Small.fp / Unauthenticated Open Proxy - the malware listens on random TCP ports like 2904, 1200 etc. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the originating system. Attackers may then be able to launch attacks, download files or port scan third-party systems, and it will appear as if the attacks originated from that infected host.
References: [MVID-2021-0312]
M2UA (IANA official) |
2905 |
tcp,sctp |
m3ua |
not scanned |
M3UA [RFC 4666] |
2910 |
tcp,udp |
games |
not scanned |
Dungeons & Dragons Online uses ports 2900-2910 |
2915 |
tcp,udp |
tksocket |
not scanned |
TK Socket [Dino_Ciano] (IANA official) |
2916 |
tcp,udp |
elvin_server |
not scanned |
Elvin Server |
2917 |
tcp,udp |
elvin_client |
not scanned |
Elvin Client |
2929 |
tcp |
amx-webadmin |
Premium scan |
Trojans using this port: Konik
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it's accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user's installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions.
References: [CVE-2023-33294]
AMX-WEBADMIN (PANJA-WEBADMIN) (IANA official) |
2930 |
tcp,udp |
amx-weblinx |
not scanned |
PANJA-WEBLINX
IANA registered for: AMX-WEBLINX |
2934 |
tcp,udp |
games |
not scanned |
Falcon 4 |
2935 |
tcp,udp |
games |
not scanned |
Falcon 4 |
2938 |
tcp,udp |
sm-pas-1 |
not scanned |
SM-PAS-1 |
2939 |
tcp,udp |
sm-pas-2 |
not scanned |
SM-PAS-2 |
2940 |
tcp,udp |
sm-pas-3 |
not scanned |
SM-PAS-3 |
2941 |
tcp,udp |
sm-pas-4 |
not scanned |
SM-PAS-4 |
2944 |
tcp,udp,sctp |
megaco-h248 |
not scanned |
Megaco-H.248 text |
2945 |
tcp,udp,sctp |
h248-binary |
not scanned |
Megaco/H.248 binary |
2947 |
tcp,udp |
gpsd |
not scanned |
IANA registered for: GPS Daemon request/response protocol |
2948 |
udp |
applications |
not scanned |
The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, W880i, and K530i phones allow remote attackers to cause a denial of service (device reboot or hang-up) via a malformed WAP Push packet to SMS or UDP port 2948.
References: [CVE-2009-0396] [BID-33433]
ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port 2948.
References: [CVE-2006-4132] [BID-19451] [SECUNIA-21426]
WAP PUSH (IANA official) |
2949 |
tcp,udp |
wap-pushsecure |
not scanned |
IANA registered for: WAP-pushsecure Multimedia Messaging Service (MMS) |
2953 |
tcp,udp |
ovalarmsrv |
not scanned |
OVALARMSRV |
2954 |
tcp,udp |
ovalarmsrv-cmd |
not scanned |
Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted command to TCP port 2954, which triggers a heap-based buffer overflow.
References: [CVE-2008-2438], [BID-34738]
Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.
References: [CVE-2008-3544] [BID-28668] [SECUNIA-31688]
Port is also IANA registered for OVALARMSRV-CMD. |
2962 |
tcp,udp |
iph-policy-cli |
not scanned |
IPH-POLICY-CLI |
2963 |
tcp,udp |
iph-policy-adm |
not scanned |
IPH-POLICY-ADM |
2964 |
tcp,udp |
bullant-srap |
not scanned |
BULLANT SRAP |
2965 |
tcp,udp |
bullant-rap |
not scanned |
BULLANT RAP |
2967 |
tcp |
worm |
not scanned |
W32.Sagevo [Symantec-2006-121309-3331-99] (2006.12.13) - a worm that spreads by exploiting the Symantec Client Security and Symantec AntiVirus Elevation of Privilege (as described in Symantec Advisory SYM06-010). The worm lowers security settings and may download other threats. |
2967 |
tcp |
symantec |
not scanned |
Symantec Endpoint Protection (SEP). The Group Update Provider (GUP) proxy functionality of SEP client listens on this port. |
2968 |
tcp,udp |
enpp |
not scanned |
Epson software update tool (EEventMan, MacOS)
Rtvscan (Symantec Antivirus) for Novell NetWare servers
SDBot trojan [Symantec-2002-051312-3628-99]
ENPP (IANA official) |
2977 |
tcp,udp |
ttc-etap-ns |
not scanned |
TTCs Enterprise Test Access Protocol - NS |
Vulnerabilities listed: 100 (some use multiple ports)