| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 16969 |
tcp |
trojan |
not scanned |
Priority trojan |
| 16982 |
tcp |
trojan |
Premium scan |
AcidShiver trojan |
| 16999 |
tcp |
trojans |
Premium scan |
Backdoor.Stealer [Symantec-2003-070415-5712-99] (2003.07.04) a.k.a. Trojan.Spy.MSNLogThief [KAV], MSNLogThief [McAfee] - a trojan that gives its creator full control over the infected computer, uses ports 16999,60101. |
| 17000 |
tcp |
applications |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
Oracle TimesTen In-Memory Database is vulnerable to a denial of service, caused by an error in the timestend daemon. By sending an overly large HTTP request to TCP port 17000, a remote attacker could exploit this vulnerability to cause the process to crash.
References: [BID-38019]
|
| 17001 |
tcp,udp |
applications |
not scanned |
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
References: [CVE-2019-7214]
Backdoor.Win32.Prexot.a / Authentication Bypass - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110. Third-party attackers who can reach an infected system can logon using any username/password combination.
References: [MVID-2022-0484]
Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) - the malware listens on random high TCP ports e.g 11404, 19545, 17001, 10110 and accepts any credentials. Third-party intruders who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2022-0485] |
| 17010 |
tcp |
ncpu |
not scanned |
Games: Worms Armageddon (TCP/UDP)
Plan 9 cpu port (IANA official) |
| 17100 |
tcp |
klactprx |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 17166 |
tcp |
trojan |
Premium scan |
Mosaic trojan |
| 17185 |
udp |
applications |
not scanned |
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
References: [CVE-2005-3804], [SECUNIA-17604], [BID-15456]
Act P202S VoIP WiFi phone undocumented open port, multiple vulnerabilities.
References: [CVE-2006-0374], [CVE-2006-0375], [BID-16288]
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.
References: [CVE-2010-2965]
The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.
References: [CVE-2013-0659]
This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity).
References: [CVE-2020-7131], [XFDB-180715]
Schneider Electric SCADAPack could allow a remote attacker to execute arbitrary code on the system, caused by the enablement of the VxWorks debug agent. By sending specially-crafted requests to UDP Port 17185, an attacker could exploit this vulnerability to gain control of the device or cause a denial of service.
References: [XFDB-91050] |
| 17220 |
tcp,udp |
avtp |
not scanned |
IEEE 1722 Transport Protocol Applications (IANA official) |
| 17221 |
tcp,udp |
avdecc |
not scanned |
Enumeration, Connection management, and Control IEEE 1722.1 AVB Discovery [IEEE 1722 1] (IANA official) |
| 17222 |
udp |
cpsp |
not scanned |
Control Plane Synchronization Protocol |
| 17224 |
udp |
trdp-pd |
not scanned |
Train Realtime Data Protocol (TRDP) Process Data (IANA official) |
| 17225 |
tcp,udp |
trdp-md |
not scanned |
Train Realtime Data Protocol (TRDP) Message Data |
| 17234 |
tcp,udp |
integrius-stp |
not scanned |
Integrius Secure Tunnel Protocol |
| 17300 |
tcp |
trojans |
Premium scan |
Milkit backdoor (Spybot 3), Kuang2 the_Virus trojan. |
| 17310-17542 |
tcp |
applications |
not scanned |
Cisco Prime Central for HCS Assurance is vulnerable to a denial of service, caused by an error in the Cisco Tivoli Business Service Manager (TBSM) component. By sending a flood of TCP packets directed to ports 17310-17542, a remote attacker could exploit this vulnerability to cause the service to hang.
References: [CVE-2013-1174], [XFDB-83250], [BID-58907] |
| 17336 |
udp |
applications |
not scanned |
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
References: [CVE-2013-2820] |
| 17388 |
udp |
applications |
not scanned |
The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.
References: [CVE-2013-2820] |
| 17437 |
tcp,udp |
games |
not scanned |
Kohan Immortal Sovereigns |
| 17440 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server
|
| 17442 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17442 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17443 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17444 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17449 |
tcp |
trojan |
Premium scan |
Kid Terror trojan |
| 17472 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477
|
| 17474 |
udp |
applications |
not scanned |
DMXControl 3 Network Discovery |
| 17475 |
tcp |
games |
not scanned |
Battlefield 2142
Test Drive Unlimited (TCP/UDP)
DMXControl 3 Network Broker |
| 17477 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477 |
| 17478 |
udp |
games |
not scanned |
Delta Force - Land Warrior |
| 17490 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan |
| 17499 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan |
| 17500 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan
Dropbox LanSync Protocol (db-lsp) also uses port 17500 (TCP/UDP). It is used to synchronize file catalogs between Dropbox clients on a local network. |
| 17502 |
tcp |
games |
not scanned |
Medal of Honor 2010 |
| 17503 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy - the malware listens on TCP port 17503. Third-party attackers
who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0364]
|
| 17555 |
tcp |
ailith |
not scanned |
Ailith management of routers (IANA official) |
| 17569 |
tcp |
trojans |
Premium scan |
Infector trojan, 04,1999. Affects Windows 9x (ICQ). Uses ports 146, 1208, 17569, 24000, 30000 |
| 17593 |
tcp |
trojan |
Premium scan |
AudioDoor trojan |
| 17677 |
udp |
games |
not scanned |
F1 Challenge 99-02, GTR FIA GT Racing Game |
| 17703 |
tcp,udp |
applications |
not scanned |
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703.
References: [CVE-2015-2763] |
| 17761 |
udp |
games |
not scanned |
Nascar 3 |
| 17771 |
udp |
applications |
not scanned |
Hamachi
Trojan.Mitglieder.F [Symantec-2004-040514-3126-99] (2004.04.05) - a variant of Trojan.Mitglieder. This trojan horse opens a proxy on the system, attempts to stop security software, and can update itself. |
| 17777 |
tcp |
solarwinds |
Premium scan |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
Malware that uses port 17777: Nephron trojan |
| 17778 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17779 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17781 |
tcp |
applications |
not scanned |
Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.
References: [CVE-2007-4241], [BID-25227] |
| 17790,17791 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17940 |
tcp |
trojans |
Members scan |
W32.Imav.A [Symantec-2006-012610-4055-99] (2006.01.26) - a worm spreading through ICQ messages, may also arrive as a .zip attachment to emails. Disables security-related products and lowers security settings on the compromised computer. Connects to login.icq.com on port 17940/tcp, and sends out messages containing links to copies of the worm. |
| 17988 |
tcp |
hp |
Premium scan |
HP integrated Lights Out Management Feature uses this port.
Also used by HP iLO as Virtual Media port. |
| 17990 |
tcp |
applications |
not scanned |
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
References: [CVE-2002-1029], [BID-5169], [EDB-21594] |
| 18000 |
tcp,udp |
games |
not scanned |
Battlefield 2142
Phala network default ports: 9944, 18000, 19944 |
| 18010 |
tcp |
applications |
not scanned |
Super Dancer Online Extreme(SDO-X)—CiB Net Station Malaysia Server |
| 18017 |
tcp |
wanduck |
Premium scan |
Wanduck http server process on some ASUS routers (wanduck.c, ASUS RT AC66U, AC68Um etc.) binds server on port 18017/tcp |
| 18060 |
tcp |
games |
not scanned |
Battlefield 2142
Spore, developer: Maxis |
| 18067 |
tcp |
trojans |
Basic scan |
Trojans/worms that exploit the Microsoft Plug and Play Buffer Overflow Vulnerability ([MS05-039]) commonly use this port to listen for remote commands via IRC.
Backdoor.Mousey [Symantec-2005-080510-2502-99] - a trojan that opens a backdoor on the compromised computer. It listens for remote commands via IRC on port 18067/tcp.
W32.Esbot.B - a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (MS Security Bulletin [MS05-039]). Opens a backdoor and listens for remote commands by connecting to IRC servers on port 18067/tcp (W32.Esbot.A [Symantec-2005-081610-2800-99] variant uses port 30722/tcp).
W32.Mocbot.A [Symantec-2005-102415-5716-99] - a worm with backdoor capabilities that exploits the MS Plug and Play Buffer Overflow Vulnerability ([MS05-039]). Opens a backdoor and listens for remote commands on port 18067/tcp. |
| 18070 |
tcp |
applications |
not scanned |
Timespliters Future Perfect |
| 18075 |
tcp,udp |
applications |
not scanned |
Timespliters Future Perfect |
| 18080 |
tcp |
puremessage |
not scanned |
Rainmachine smart sprinkler controllers use ports 80, 8080 and 18080.
Port also used by PureMessage Manager, MySQL Enterprise Dashboard, Monero P2P network communications |
| 18081 |
tcp,udp |
games |
not scanned |
Dragon Age: Origins
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
References: [CVE-2014-2976], [OSVDB-106149], [SECUNIA-58231], [XFDB-93753]
Monero incoming RPC calls also use this port (TCP) |
| 18082 |
tcp |
vipre |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445.
When a Brocade SANnav installation is upgraded from Brocade SANnav v2.2.2 to Brocade SANnav 2.3.0, TLS/SSL weak message authentication code ciphers are added by default for port 18082.
References: [CVE-2024-29969]
|
| 18086 |
tcp |
vipre |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445. |
| 18090 |
tcp |
applications |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445.
FIFA Manager 10, developer: Bright Future GmbH |
| 18091 |
tcp |
applications |
not scanned |
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server.
References: [CVE-2018-15728], [BID-105157]
|
| 18095 |
tcp,udp |
games |
not scanned |
FIFA Manager 10 |
| 18104 |
tcp |
radpdf |
not scanned |
RAD PDF Service |
| 18120 |
tcp |
games |
not scanned |
Battlefield 2142
Spore, developer: Maxis |
| 18136 |
tcp |
racf |
not scanned |
IANA registered for: z/OS Resource Access Control Facility |
| 18180 |
tcp |
applications |
not scanned |
DART Reporting server |
| 18200 |
tcp |
ghidra |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server
Ghidra - open source reverse engineering suite of tools developed by the NSA, uses the following ports: 13100 TCP - default server port, 9010 TCP - optional jvisualvm port (dcom sun management jmxremote), 18200 TCP - optional java debug port. |
| 18201 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18206 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18231 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18232 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18233 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18234 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18242 |
tcp |
iclid |
not scanned |
Checkpoint router monitoring [Check Point Software] (IANA official) |
| 18243 |
tcp |
clusterxl |
not scanned |
Checkpoint router state backup [Check_Point_Software] (IANA official) |
| 18264 |
tcp |
applications |
not scanned |
Check Point VPN-1 R55, R65, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (a.k.a. ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
References: [CVE-2008-5849] [BID-32306]
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.
References: [CVE-2006-3885] [BID-19136] [SECUNIA-21200]
Check Point ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18300 |
tcp,udp |
games |
not scanned |
Battlefield 2142
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18301 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18302 |
tcp,udp |
portmon |
not scanned |
Portmon- monitors and displays all serial and parallel port activity on a system. |
| 18306 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18308 |
udp |
games |
not scanned |
Scrabble Complete |
| 18321 |
tcp,udp |
games |
not scanned |
Medieval: Total War |
| 18332 |
tcp |
bitcoin |
not scanned |
Bitcoin JSON-RPC testnet server |
| 18333 |
tcp,udp |
bitcoin |
not scanned |
Bitcoin Testnet uses this port. See also port 8333. |
| 18354 |
tcp |
trojans |
Premium scan |
Backdoor.Heplane [Symantec-2005-050122-5053-99] (2005.05.01) - a trojan that allows a remote attacker to have unauthorized access to the compromised computer. It also acts as a proxy server. |
| 18390 |
tcp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18395 |
tcp,udp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18400 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18401 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18443 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS)
|
| 18444 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS) |
| 18505 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18506 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18507 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18508 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18510 |
tcp |
games |
not scanned |
Battlefield 2142 |
| 18510 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
