Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 3417 |
tcp |
trojan |
Premium scan |
Xposure trojan |
| 3418 |
tcp |
trojans |
Premium scan |
Backdoor.Delf.hp a.k.a. SpySender - remote access trojan, affects Windows 9x/NT/2k/XP/Vista, uses ports 1807, 3418.
Xposure trojan |
| 3420 |
tcp,udp |
ifcp-port |
not scanned |
iFCP User Port (IANA official) [RFC 4172] |
| 3422 |
tcp,udp |
rusb-sys-port |
not scanned |
Malicious services using this port: IRC Bots
IANA registered for: Remote USB System Port |
| 3423 |
tcp,udp |
xtrm |
not scanned |
xTrade Reliable Messaging |
| 3424 |
tcp,udp |
xtrms |
not scanned |
xTrade over TLS/SSL |
| 3433 |
tcp,udp |
opnet-smp |
not scanned |
OPNET Service Management Platform [OPNET_Technologies_Inc] (IANA official) |
| 3434 |
tcp |
trojans |
not scanned |
Backdoor.Slao [Symantec-2003-052610-2111-99] (2003.05.26) - a backdoor trojan horse that allows unauthorized access to an infected computer.
Port is also IANA registered for OpenCM Server |
| 3436,3437 |
tcp |
trojans |
Premium scan |
Backdoor.Netjoe [Symantec-2004-111613-5136-99] (2004.11.16) - remote access trojan. Affects all current Windows versions, opens TCP ports 3436 and 3437. |
| 3445 |
tcp,udp |
monp |
not scanned |
Media Object Network Protocol (IANA registered) |
| 3450 |
tcp,udp |
castorproxy |
not scanned |
Virtual Places Voice Chat, TrackMania Forever (TCP), Virtual Skipper 5
Malicious services using this port: Trojan Proxy
IANA registered for: CAStorProxy |
| 3453 |
tcp |
games |
not scanned |
Bungie.net, Myth, Myth II Server |
| 3455 |
tcp,udp |
prsvp |
not scanned |
Games: Painkiller, developer: People Can Fly
IANA registered for: RSVP Port |
| 3456 |
tcp |
trojans |
Premium scan |
Backdoor.Fearic [Symantec-2002-080710-2744-99] (2002.08.07) - remote access trojan. Affects all current Windows versions, opens ports 2000, 3456, 8811.
Some other trojans using this port: Teror Trojan, Fear, Force.
IANA registered for: VAT default data |
| 3457 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis [Symantec-2003-010717-1940-99] - remote access trojan, 05.2003. Affects all current Windows versions, listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429
IANA registered for: VAT default control |
| 3459 |
tcp |
trojans |
Premium scan |
Trojans that use this port: Eclipse 2000, Sanctuary
Port IANA registered for: TIP Integral |
| 3460 |
tcp,udp |
edm-manager |
not scanned |
EDM Manger
Backdoor.Win32.PoisonIvy.ymw / Insecure Credential Storage - PoisonIvy listens on TCP port 3460 by default but that can be changed. When generating PoisonIvy PE files, credentials are stored in cleartext if not using the PasswordKey=1 option which gets stored in ".pik" files. The "Ivy.ini" configuration and profile ".pip" files also contain credentials in cleartext.
[MVID-2024-0688] |
| 3461 |
tcp,udp |
edm-stager |
not scanned |
EDM Stager |
| 3462 |
tcp,udp |
edm-std-notify |
not scanned |
Software distribution
IANA registered for: EDM STD Notify |
| 3463 |
tcp,udp |
edm-adm-notify |
not scanned |
EDM ADM Notify |
| 3464 |
tcp,udp |
edm-mgr-sync |
not scanned |
EDM MGR Sync |
| 3465 |
tcp,udp |
edm-mgr-cntrl |
not scanned |
EDM MGR Cntrl
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
References: [CVE-2015-1497], [XFDB-100920] |
| 3470 |
tcp,udp |
jt400 |
not scanned |
Worms using this port: I-Worm/Mytob.BO (W32/Mytob)
IANA registered for: jt400 |
| 3471 |
tcp,udp |
jt400-ssl |
not scanned |
jt400-ssl |
| 3472 |
tcp,udp |
jaugsremotec-1 |
not scanned |
JAUGS N-G Remotec 1 |
| 3473 |
tcp,udp |
jaugsremotec-2 |
not scanned |
JAUGS N-G Remotec 2 |
| 3478 |
tcp,udp |
stun |
Members scan |
VoIP STUN (Session Traversal Utilities for NAT) port. It operates on port 3478 TCP/UDP, may also use port 19302 UDP. It is usually supported by newer VoIP devices. [RFC5389] [RFC5766] [RFC5780]
Microsoft Teams uses UDP ports 3478 through 3481
WhatsApp uses these ports:
80, 443, 4244, 5222, 5223, 5228, 5242 TCP
50318, 59234 TCP/UDP
3478, 45395 UDP
Ubiquiti UniFi Controller uses these ports:
8080 TCP - http port for UAP to inform controller
8443 TCP - https port for controller GUI/API
8880 TCP - http portal redirect port (may also use ports 8881, 8882)
8843 TCP - https portal redirect port
3478 UDP - STUN port (should be open at firewall)
Ubiquiti UniFi Cloud Access uses these ports:
443 TCP/UDP - Cloud Access service
3478/UDP - port used for STUN
8883/TCP - Cloud Access service
Apple FaceTime, Apple Game Center use ports 3478-3497 (UDP).
Playstation 4 game ports:
TCP 1935, 3478-3480
UDP 3074, 3478, 3479
Test Drive Unlimited 2, Motorola Ojo, Call of Duty World at War also use this port (UDP).
Elite Dangerous: Horizons pings port 3478 every 5 minutes.
IANA registered for: TURN over TCP |
| 3479 |
udp |
games |
not scanned |
Microsoft Teams uses UDP ports 3478 through 3481 for media traffic, as well as TCP ports 80 and 443.
Apple FaceTime, Apple Game Center use ports 3478-3497 (UDP).
Call of Duty World at War
Playstation 4 game ports:
TCP 1935, 3478-3480
UDP 3074, 3478, 3479 |
| 3480 |
tcp |
applications |
not scanned |
PlayStation Home uses port 3480 TCP. Playstation 4 game ports:
TCP 1935, 3478-3480
UDP 3074, 3478, 3479 |
| 3480 |
udp |
ooma |
not scanned |
Microsoft Teams uses UDP ports 3478 through 3481 for media traffic, as well as TCP ports 80 and 443.
Ooma VoIP - uses UDP port 1194 (VPN tunnel to the Ooma servers for call/setup control), ports 49000-50000 for actual VoIP data, and ports TCP 443, UDP 514, UDP 3480
|
| 3481 |
udp |
teams |
not scanned |
Microsoft Teams uses UDP ports 3478 through 3481 for media traffic, as well as TCP ports 80 and 443. |
| 3483 |
tcp,udp |
slim-devices |
not scanned |
IANA registered for: Slim Devices Protocol |
| 3493 |
tcp,udp |
nut |
not scanned |
Network UPS Tools (IANA official) |
| 3495 |
tcp,udp |
seclayer-tcp |
not scanned |
securitylayer over tcp |
| 3496 |
tcp,udp |
seclayer-tls |
not scanned |
securitylayer over tls |
| 3497 |
udp |
games |
not scanned |
GTR FIA GT Racing Game |
| 3500 |
tcp |
rtmp-port |
Premium scan |
Port used by Blackberry Enterprise Server (BES). Also uses port 3101/tcp.
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
References: [CVE-2008-2157] [SECUNIA-30410]
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
References: [CVE-2024-52544], [XFDB-390594]
RTMP Port (IANA official) |
| 3503 |
tcp,udp |
lsp-ping |
not scanned |
MPLS LSP-echo Port [RFC 4379] (IANA official) |
| 3505 |
tcp |
trojan |
Premium scan |
AutoSpY |
| 3506 |
udp |
games |
not scanned |
Take2 Bet On Soldier: Blood Sports (may require GameSpy ports to be opened - http://www.gamespyarcade.com/support/firewalls.shtml) |
| 3515 |
tcp |
malware |
not scanned |
Backdoor.Win32.Mazben.me / Unauthenticated Open Proxy - the malware listens on random TCP ports like 3515, 7936, 3972. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0302] |
| 3516 |
tcp,udp |
smartcard-port |
not scanned |
IANA registered for: Smartcard Port |
| 3521 |
tcp,udp |
mc3ss |
Premium scan |
Applications: StarTrek network game
Malicios services using this port: W32.K0wbot worm
IANA registered for: Telequip Labs MC3SS; NFS service for the domain root, the root of an organization's published file namespace (TCP) [RFC 6641] |
| 3527 |
tcp,udp |
veritas |
not scanned |
Microsoft Message Queuing (MSMQ) uses the following ports:
1801 TCP/UDP
2101, 2103, 2105 (RPC over TCP)
3527 UDP
Threats using this port: Zvrop
VERITAS Backup Exec Server (IANA registered) |
| 3535 |
tcp,udp |
ms-la |
not scanned |
SMTP alternate uses port 3535 (TCP).
IANA registered for: MS-LA |
| 3537 |
tcp,udp |
ni-visa-remote |
not scanned |
IANA registered for: Remote NI-VISA port |
| 3538 |
tcp,udp |
ibm-diradm |
not scanned |
IBM Directory Server |
| 3539 |
tcp,udp |
ibm-diradm-ssl |
not scanned |
IBM Directory Server SSL |
| 3544 |
tcp,udp |
applications |
not scanned |
Teredo Port [RFC 4380] (IANA official) - an IPv6 transition technology that tunnels IPv6 packets as IPv4-based User Datagram Protocol (UDP) messages using UDP port 3544.
Xbox 360 (LIVE) ports: 3074 TCP/UDP, 53 TCP/UDP, 80 TCP, 88 UDP
Xbox One (LIVE) ports: 3074 TCP/UDP, 53 TCP/UDP, 80 TCP, 88 UDP, 500 UDP, 3544 UDP, 4500 UDP
Settlers 7 game ports: 13005, 13200 TCP and 3544, 9103, 13005, 21000-29999 UDP |
| 3547 |
tcp |
trojan |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
| 3550 |
tcp,udp |
applications |
not scanned |
GeoVision RemoteView |
| 3551 |
tcp,udp |
apcupsd |
not scanned |
Apcupsd Information Port (IANA official) |
| 3567 |
tcp,udp |
oap |
not scanned |
Object Access Protocol
EMIT protocol stack [Panasonic_Intranet_Panasonic_North_America_PEWLA] (IANA official)
DOF Protocol Stack (IANA official) |
| 3568 |
tcp,udp |
oap-s |
not scanned |
Dark Reign 2, Delta Force 2
EMIT secure tunnel [Panasonic_Intranet_Panasonic_North_America_PEWLA] (IANA official)
DOF Secure Tunnel (IANA official) |
| 3569 |
tcp,udp |
mbg-ctrl |
not scanned |
IANA registered for: Meinberg Control Service |
| 3585 |
tcp,udp |
emprise-lls |
not scanned |
Emprise License Server |
| 3586 |
tcp,udp |
emprise-lsc |
not scanned |
License Server Console
Snid X2 trojan horse also uses port 3585 (TCP). |
| 3587 |
tcp |
trojan |
Premium scan |
ShitHead trojan |
| 3591 |
tcp,udp |
gtrack-server |
not scanned |
LOCANIS G-TRACK Server |
| 3592 |
tcp,udp |
gtrack-ne |
not scanned |
LOCANIS G-TRACK NE Port |
| 3601 |
tcp,udp |
applications |
not scanned |
SAP Message Server Port (TCP)
Visinet Gui (IANA official) |
| 3603 |
tcp,udp |
applications |
not scanned |
Polycom ViaVideo is vulnerable to a denial of service attack caused by a buffer overflow in the Web server component. By sending an overly long HTTP GET request to the ViaVideo Web server listening on port 3603, a remote attacker could overflow a buffer and cause the Web server to crash.
References: [CVE-2002-1905], [BID-5964]
Port is also IANA registered for Integrated Rcvr Control |
| 3605 |
tcp,udp |
comcam-io |
not scanned |
IANA registered for: ComCam IO Port |
| 3606 |
tcp,udp |
splitlock |
not scanned |
IANA registered for: Splitlock Server |
| 3612 |
tcp,udp |
dataprotector |
not scanned |
IANA registered for: Micro Focus Data Protector |
| 3614 |
tcp,udp |
sigma-port |
not scanned |
Satchwell Sigma [Dave_Chapman] (IANA official) |
| 3628 |
tcp |
applications |
not scanned |
Trend ServerProtect Agent service is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the RPCFN_CopyAUSrc function. By sending a specially-crafted RPC request to the SpntSvc.exe service on TCP port 3628, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.
References: [CVE-2007-4218], [BID-25395]
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
References: [CVE-2007-2508] [SECUNIA-25186] [BID-23868] [OSVDB-35790]
Port is also IANA registered for EPT Machine Interface |
| 3632 |
tcp,udp |
distcc |
not scanned |
3632 is default listen port for distcc daemon (distributed C/C++ compiler). It only supports IP based authentication and defaults to allow from all, which means anyone can use it. It does no other harm than letting others to use your hardware (at +5 nice) to speed up their compilation process. |
| 3649 |
tcp,udp |
nmmp |
not scanned |
IANA registered for: Nishioka Miyuki Msg Protocol |
| 3653 |
tcp,udp |
tsp |
not scanned |
Tunnel Setup Protocol [RFC 5572] (IANA official) |
| 3655 |
tcp,udp |
abatemgr |
not scanned |
ActiveBatch Exec Agent (IANA official) |
| 3658 |
udp |
games |
not scanned |
Games that use this port: FIFA 2005, Star Wars Republic Commando (TCP/UDP), Star Wars Empire at War, NHL 2005, UEFA EURO 2004, ToCA Race Driver 3, NBA Live 06
Playstation 3 uses these ports:
TCP 5223
UDP 5223, 3478, 3479, 3658 |
| 3659 |
tcp,udp |
games |
not scanned |
Gemes that use port 3659: Burnout Paradise (PS3), Star Wars Republic Commando, Star Wars Empire at War, NHL 2004 (UDP), FIFA Soccer 2009 (TCP), Dead Space 3, various EA titles.
Apple SASL, Mac OS X Password Server also use this port. |
| 3660 |
tcp,udp |
can-nds-ssl |
not scanned |
AudioReQuest, Starwars Empire at War
IANA registered for: IBM Tivoli Directory Service using SSL |
| 3661 |
tcp,udp |
can-ferret-ssl |
not scanned |
IBM Tivoli Directory Service using SSL |
| 3663 |
tcp,udp |
applications |
not scanned |
AudioReQuest |
| 3670 |
tcp,udp |
applications |
not scanned |
VideoReQuest |
| 3679 |
tcp,udp |
newton-dock |
not scanned |
IANA registered for: Newton Dock |
| 3689 |
tcp |
itunes |
not scanned |
iTunes Music Sharing (DAAP) |
| 3690 |
tcp,udp |
applications |
not scanned |
SAM2 Broadcaster, Windows Media Server, Subversion version control system |
| 3700 |
tcp |
LRS NetPage |
Premium scan |
Portal of Doom (coded in Visual Basic, 03.1999) is a popular remote access trojan that uses ports 3700/tcp, 9872-9875/tcp, 10067/udp, 10167/udp.
3700/tcp is also registered with IANA for: LRS NetPage |
| 3702 |
tcp,udp |
wsd |
not scanned |
Web Services Discovery (WSD) is a network plug-and-play experience that allows network-connected IP-based devices to advertise their functionality and offer these services to clients by using the Web Services protocol. WSD communicates over HTTP (TCP port 5357), HTTPS (TCP port 5358), and multicast to UDP port 3702.
Port is IANA registered for: Web Services Discovery |
| 3703 |
tcp,udp |
adobeserver-3 |
not scanned |
Adobe Server 3 |
| 3704 |
tcp,udp |
adobeserver-4 |
not scanned |
Adobe Server 4 |
| 3705 |
tcp,udp |
adobeserver-5 |
not scanned |
Adobe Server 5 |
| 3706 |
tcp,udp |
rt-event |
not scanned |
Real-Time Event Port |
| 3707 |
tcp,udp |
rt-event-s |
not scanned |
Real-Time Event Secure Port |
| 3721 |
tcp |
trojan |
Premium scan |
Whirlpool trojan
ES File Explorer FTP server |
| 3723 |
tcp |
trojan |
Premium scan |
Mantis |
| 3724 |
tcp |
games |
Premium scan |
Port used by Warcraft II and III (Blizzard Downloader). It also uses port 6112.
Club Penguin Disney online game for kids also uses this port. |
| 3728 |
tcp,udp |
applications |
not scanned |
TribalWeb |
| 3734 |
tcp,udp |
synel-data |
not scanned |
The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735.
References: [CVE-2012-2970]
Synel Data Collection Port (IANA official) |
| 3735 |
tcp,udp |
pwdis |
not scanned |
The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735.
References: [CVE-2012-2970]
Password Distribution (IANA official) |
| 3737 |
tcp |
trojans |
Premium scan |
Backdoor.Helios [Symantec-2002-091211-5823-99] - remote access trojan. Affects all current Windows versions.
XPanel Daemon also uses this port. |
| 3742 |
tcp,udp |
cst-port |
Premium scan |
Malicious services using this port: Service Tracker Attacks, W32.Mytob (worm)
IANA registered for: CST - Configuration & Service Tracker |
| 3746 |
tcp,udp |
linktest |
not scanned |
LXPRO.COM LinkTest |
| 3747 |
tcp,udp |
linktest-s |
not scanned |
LXPRO.COM LinkTest SSL |
| 3749 |
tcp,udp |
cimtrak |
not scanned |
IANA registered for: CimTrak |
| 3752 |
tcp,udp |
vipremoteagent |
Members scan |
Port is IANA registered for: Vigil-IP RemoteAgent
Worms using this port: W32/Spelit-A, W32/Agobot-AHT
Trojans using this port: Troj/Banker-FZ, Troj/Tanto-H |
| 3761 |
tcp,udp |
gsakmp |
not scanned |
gsakmp port (IANA official) [RFC 4535] |
Vulnerabilities listed: 100 (some use multiple ports)
|
