Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 25734 |
tcp,udp |
applications |
not scanned |
SOLIDWORKS SolidNetworkLicense Manager |
| 25735 |
tcp,udp |
applications |
not scanned |
SOLIDWORKS SolidNetworkLicense Manager |
| 25777 |
tcp,udp |
applications |
not scanned |
Xfire Chat
Xfire 1.64 and earlier allows remote attackers to cause a denial of service (client application crash) via a long string to UDP port 25777.
References: [CVE-2006-5391], [BID-20548] |
| 25793 |
|
vocaltec-hos |
not scanned |
Vocaltec Address Server |
| 25799 |
tcp |
trojan |
Premium scan |
FreddyK trojan |
| 25826 |
udp |
collectd |
not scanned |
Collectd (system statistics collection daemon) network plugin uses port 25826 UDP by default. |
| 25857 |
tcp |
trojan |
not scanned |
W32.Frethem.R [Symantec-2002-091915-2134-99] - a member of W32.Frethem family, coded in MS C/C++ and compressed using UPX and PE-Pack. This variant has backdoor capabilities that also allow it to send itself through email. |
| 25867 |
tcp,udp |
applications |
not scanned |
Remote Buffer Overflow in the Kolban Webcam32 Program. Systems listening on this port are likely to be
vulnerable to this attack, although new versions of Webcam32 with the remote administration feature explicitly enabled on the default port may also be listening and are not vulnerable.
References: [CVE-1999-1292] |
| 25885 |
tcp |
trojan |
Premium scan |
MOTD trojan |
| 25888 |
udp |
applications |
not scanned |
Xfire IP Address (206.220.40.146) resolves to gameservertracking.xfire.com |
| 25954 |
udp |
bf-game |
not scanned |
Bitfighter game server [Christopher_Eykamp] (IANA official) |
| 25955 |
udp |
bf-master |
not scanned |
Bitfighter master server [Christopher_Eykamp] (IANA official) |
| 25982 |
tcp |
trojans |
Premium scan |
DarkFace, MoonPie trojans |
| 25999 |
tcp |
applications |
not scanned |
Xfire |
| 26000 |
tcp,udp |
quake |
not scanned |
CCP's EVE Online Online gaming MMORPG
Quake-based games (e.g. Half-Life, Quakeworld, QuakeIII, etc.), Empire Earth 2 (TCP), Star Trek Voyager: Elite Force (UDP)
Multiple buffer overflows in the client and server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
References: [CVE-2007-4370], [BID-25297]
The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.
References: [CVE-2007-4535], [EDB-30527]
quake (IANA official) |
| 26001 |
udp |
applications |
not scanned |
Vulnerabilities in IGI 2: Covert Strike can be exploited to compromise a vulnerable system. A format string error within the logging functionality when processing RCON commands can be exploited by sending a specially crafted command containing format specifiers to the RCON service (default port 26001/UDP).
References: [SECUNIA-11299] |
| 26002 |
tcp |
pokerstars |
not scanned |
Port used by PokerStars software. It may also use ports 22 and 443. Additionally the update uses HTTP port 80. |
| 26005 |
udp |
games |
not scanned |
James Bond 007: NightFire |
| 26015 |
udp |
games |
not scanned |
James Bond 007: NightFire |
| 26025 |
udp |
games |
not scanned |
James Bond 007: NightFire |
| 26026 |
udp |
games |
not scanned |
James Bond 007: NightFire |
| 26100 |
tcp,udp |
games |
not scanned |
Dead Island |
| 26101 |
tcp |
samsung |
not scanned |
Samsung Gear Fit2 Pro debug port |
| 26103 |
tcp |
malware |
not scanned |
Backdoor.Win32.RemServ.d / Unauthenticated Remote Command Execution - the malware creates a service "RSMSS" that runs as SYSTEM and listens on TCP port 26103. Remote attackers who can connect to an infected host will get back a shell as "nt authority\system".
References: [MVID-2022-0655] |
| 26214 |
tcp,udp |
games |
not scanned |
Dark Reign 2 |
| 26220 |
tcp,udp |
games |
not scanned |
Rome: Total War |
| 26257 |
tcp |
cockroach |
not scanned |
CockroachDB (IANA official) |
| 26264 |
tcp,udp |
gserver |
not scanned |
Gserver |
| 26274 |
udp |
trojan |
not scanned |
Delta Source trojan |
| 26418 |
tcp |
trojans |
Premium scan |
W32.Mytob.HH@mm [2005-071116-2302-99] - a mass-mailing worm with backdoor capabilities. Connects to an IRC server and listens for remote commands on port 26418/tcp. Also opens a backdoor on port 5000/tcp. |
| 26675 |
tcp,udp |
applications |
not scanned |
ActiveSync - data synchronization between a mobile computer and a desktop computer, connected to the Internet. |
| 26681 |
tcp |
trojan |
Premium scan |
Voice Spy trojan |
| 26822 |
udp |
applications |
not scanned |
MSI MysticLight |
| 26850 |
tcp |
applications |
not scanned |
War of No Return Server Port |
| 26880 |
udp |
games |
not scanned |
Auto Assault |
| 26900 |
udp |
games |
not scanned |
ToCA Race Driver 3, Hexen II (TCP/UDP) |
| 26900 |
tcp |
applications |
not scanned |
CCP's EVE Online Online gaming MMORPG |
| 26901 |
tcp,udp |
games |
not scanned |
Hoyle Games
CCP's EVE Online Online gaming MMORPG |
| 27000 |
tcp,udp |
games |
not scanned |
id Software's QuakeWorld master server
FLEXlm (Network License Manager) uses ports 27000-27009 tcp.
Autodesk Network License Manager (adskflex.exe) also needs port 2080 tcp in addition to 27000-27009.
Citrix License Server uses ports 7279 and 27000 TCP.
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client) |
| 27000-27050 |
tcp,udp |
games |
not scanned |
Ports 27000 to 27050 are typically used by some online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client) |
| 27001 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27002 |
tcp,udp |
flexlm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27003 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27004 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27005 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27006 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27007 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27008 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27009 |
tcp,udp |
flex-lm |
not scanned |
Ports 27000+ are used by some online games:
Team Fortress 2, Day of Defeat, Counter Strike use ports 27000-27015
Left 4 Dead 2 (Valve Software) uses ports 27000-27040
Vindictus MMORPG (devCAT/Nexon) uses ports 27000-27025, 36567, and 47611 tcp/udp
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
FLEXlm (Network License Manager) uses ports 27000-27009 tcp |
| 27010 |
udp |
games |
not scanned |
Half Life, Auto Assault, Source engine dedicated server port
Ports 27000 to 27050 are typically used by some online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client) |
| 27011 |
udp |
applications |
not scanned |
Ports 27000 to 27040 are typically used by some online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
Half-Life Mod Master |
| 27014 |
tcp |
games |
not scanned |
Source engine dedicated server port (rare)
Ports 27000 to 27040 are typically used by some online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
Games: Breach, Left 4 Dead and Team Fortress 2 use ports 27014-27050 |
| 27015 |
tcp |
steam |
Premium scan |
GoldSrc and Source engine dedicated server port
Ports 27000 to 27040 are typically used by online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
Games:
Half-Life and its mods, such as Counter-Strike
Empire: Total War (The Creative Assembly)
Left 4 Dead (Valve Corporation)
Team Fortress 2 (Valve Corporation) |
| 27015 |
udp |
applications |
not scanned |
Ports 27000 to 27040 are typically used by some online games.
Steam (Valve gaming platform) uses these ports:
27000-27015 udp (Steam client game client traffic)
27015-27030 tcp/udp (typically matchmaking and HLTV, also used to download Steam content)
27031 udp, 27036 tcp/udp, and 27037 tcp (incoming for in-home streaming)
3478 udp, 4379 udp, 4380 udp (outbound - Steamworks P2P networking and voice chat)
4380 udp (Steam client)
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.
References: [CVE-2006-0734] [BID-16619]
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
References: [CVE-2003-1325]
Call of Duty: Modern Warfare is vulnerable to a denial of service, caused by an error in the online multiplayer functionality. By sending a specially-crafted datagram to UDP port 27015, a remote attacker could exploit this vulnerability to cause the server to crash.
References: [XFDB-80011], [BID-56475], [SECUNIA-51280] |
| 27016 |
tcp |
applications |
Premium scan |
Space Engineers dedicated servers
Ace Attorney Online dedicated servers
Magicka game uses ports 7331, 27016 |
| 27017 |
udp |
steam |
not scanned |
Port used by Valve Steam Friends, an instant messaging protocol that is built into Steam, Counter-Strike, Xpire, MBL TF2 Tango.
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
References: [CVE-2015-1937] |
| 27017 |
tcp |
mongodb |
not scanned |
IANA registered for: Mongo database system |
| 27020 |
tcp,udp |
steam |
not scanned |
Valve Steam Client
Team Fortress 2, Day of Defeat, Counter Strike uses ports 27020-27039 (TCP/UDP). |
| 27030 |
tcp,udp |
applications |
not scanned |
Counter Strike, Day of Defeat Source, Half Life Steam, Steam Client |
| 27031 |
tcp,udp |
applications |
not scanned |
Port used by: UKS UT server, Flex-net managed application VRCO (TrackD), Counter Strike, Day of Defeat Source, Half Life Steam, Steam Client. |
| 27039 |
tcp,udp |
games |
not scanned |
Team Fortress 2 uses ports 27020-27039 |
| 27040 |
tcp,udp |
games |
not scanned |
Left 4 Dead 2 uses ports 27000-27040 |
| 27041 |
tcp,udp |
applications |
not scanned |
Steam Client |
| 27045 |
tcp,udp |
applications |
not scanned |
Steam Client |
| 27050 |
tcp |
applications |
not scanned |
Steam Client, Breach, Homefront, Left 4 Dead and Team Fortress 2 use ports 27014-27050 |
| 27155 |
udp |
applications |
not scanned |
GlobalSunTech Wireless Access Points WISECOM GL2422AP-0T, and possibly OEM products such as D-Link DWL-900AP+ B1 2.1 and 2.2, ALLOY GL-2422AP-S, EUSSO GL2422-AP, and LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155.
References: [CVE-2002-2137], [BID-6100] |
| 27160 |
tcp |
trojan |
Premium scan |
MoonPie trojan |
| 27184 |
tcp,udp |
trojan |
not scanned |
Alvgus trojan 2000 |
| 27224 |
tcp,udp |
applications |
not scanned |
SideSaddle |
| 27225 |
tcp,udp |
applications |
not scanned |
SideSaddle |
| 27226 |
tcp,udp |
applications |
not scanned |
SideSaddle |
| 27227 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
| 27275 |
tcp,udp |
applications |
not scanned |
In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox.
References: [CVE-2019-18894] |
| 27328 |
tcp |
trojans |
Premium scan |
Backdoor.Nibu.N [Symantec-2005-081216-4542-99] - a trojan that blocks access to security-related sites, and opens a backdoor on the compromised computer. It also runs a keylogger, sending information periodically via email. Opens a backdoor and listens for remote commands on ports 9125/tcp, and 27328/tcp. |
| 27373 |
tcp |
trojan |
Premium scan |
Charge trojan |
| 27374 |
tcp,udp |
SubSeven |
Basic scan |
Address Search Protocol Daemon (ASPD)
One of the most commonly probed ports used by many trojans.
SubSeven Trojan horse uses this port (TCP). Also used as a backdoor port left behind by exploit scripts, such as those in the Ramen worm. While some scans for this port may be due to SubSeven, others may be looking for a remote shell.
Other trojan horses/backdoors that use this port: Bad Blood, Ramen, Seeker, Ttfloader, Webhead, TheSaint, Lion, EGO.
BackDoor-G [Symantec-2000-121907-4858-99] uses port 27374/tcp.
Backdoor.Win32.Jokerdoor / Weak Hardcoded Credentials - the malware listens on TCP port 27374. The password "mathiasJ" is weak and hardcoded in the PE file. Failed authentication generates a "POPUP incorrect password..." message, using TELNET results in an error "PWDPerror reading password..." Using Nc64.exe utility results in a trailing line feed character "\n" after the supplied password. This causes the cmp statement check to fail even if the password is correct due to the "\n" character.
References: [MVID-2022-0531]
Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow - the malware listens on TCP port 27374. Attackers who can reach an infected system can send a large payload and trigger a classic stack buffer overflow overwriting the ECX, EIP registers and structured exception handler (SEH). When connecting you will get a "connected" server response, then we supply our payload as a parameter prefixed by "DOS".
References: [MVID-2022-0628] |
| 27378 |
tcp |
trojans |
Premium scan |
Backdoor.Delf [Symantec-2003-050207-0707-99] - remote access and keylogging trojan family of backdoors, affect Windows. Different varians listen to these TCP ports: 23, 2189,2444,27378. |
| 27379 |
tcp |
trojans |
Premium scan |
Backdoor.optix.o4 [Symantec-2002-091017-3336-99] a.k.a. Optix Lite trojan |
| 27397 |
tcp |
worm |
Premium scan |
W32.Chaim [Symantec-2006-091909-4917-99] - a worm that spreads by sending messages using AOL Instant Messenger and opens a back door. |
| 27431 |
udp |
applications |
not scanned |
The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off.
References: [CVE-2019-15745] |
| 27444 |
udp |
trojans |
not scanned |
Trin00 (DDoS attack tools) a.k.a. Trinoo and tribe flood network (TFN) use these ports: 27665/tcp (master control port), 27444/udp, 34555/udp, 35555/udp. See also CERT: IN-99-07 |
| 27500 |
udp |
games |
not scanned |
Star Trek Voyager: Elite Force, id Software's QuakeWorld |
| 27573 |
tcp |
trojan |
Premium scan |
SubSeven trojan [Symantec-2001-020114-5445-99] |
| 27589 |
tcp |
trojans |
Premium scan |
Backdoor.Assasin.D trojan - opens a backdoor on one of the following ports: 5695,6595,6969,27589. Backdoor.Assasin opens port 27589, Backdoor.Assasin.B opens port 6969, Backdoor.Assasin.C opens port 6595, and Backdoor.Assasin.D opens port 5695 to listen for commands from the attacker. |
| 27650 |
tcp,udp |
games |
not scanned |
Doom 3, Quake 4 |
| 27665 |
tcp |
trojan |
Premium scan |
Trin00 (DDoS attack tools) a.k.a. Trinoo and tribe flood network (TFN) use these ports: 27665/tcp (master control port), 27444/udp, 34555/udp, 35555/udp. See also CERT: IN-99-07 |
| 27666 |
tcp,udp |
games |
not scanned |
Doom 3 |
| 27700 |
tcp |
applications |
not scanned |
Risk Based Security has reported a vulnerability in multiple Schneider Electric products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the modbus serial driver (ModbusDrv.exe) when parsing MBAP data and can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to TCP port 27700.
References: [SECUNIA-52821] |
| 27719 |
tcp,udp |
games |
not scanned |
Prey |
| 27733 |
udp |
games |
not scanned |
Enemy Territory: Quake Wars, Wolfenstein |
| 27750 |
tcp,udp |
games |
not scanned |
Medieval 2: Total War |
| 27780 |
tcp |
games |
not scanned |
RF Online
Archlord Beta (TCP/UDP), developer: NHN Games Corporation |
| 27876 |
tcp |
astrolink |
not scanned |
Astrolink Protocol - Alanax Technologies Inc (IANA official) |
| 27886 |
tcp,udp |
applications |
not scanned |
Supercade |
| 27888 |
udp |
applications |
not scanned |
No One Lives Forever, F.E.A.R (TCP/UDP), Contract J.A.C.K. (TCP/UDP), Shogo: Mobile Armor Division (TCP/UDP), Kaillera server
Aliens vs Predator 2 uses ports 27888-27900
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in a PB_Y packet to the YPG server on UDP port 27888 or a PB_U packet to UCON on UDP port 27888.
References: [CVE-2007-5247] |
| 27900 |
udp |
games |
not scanned |
Battlefield 2142, ToCA Race Driver 3, Worms 4 Mayhem, Nintendo Wi-Fi Connection (TCP/UDP)
GameSpy Arcade - Master Server UDP Heartbeat. Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901 |
| 27901 |
udp |
games |
not scanned |
Battlefield 2142 Stats, Star Trek Armada II, id Software's Quake II master server
Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.
References: [CVE-2009-3637], [BID-36782], [SECUNIA-37118] |
| 27910 |
tcp |
games |
not scanned |
Quake 2 |
| 27910 |
udp |
games |
not scanned |
Star Trek Voyager: Elite Force |
| 27942 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
Vulnerabilities listed: 100 (some use multiple ports)
|
