Common Open Port Vulnerabilities List (2024)

Insufficiently protected open ports can put your IT environment at serious risk. Threat actors often seek to exploit open ports and their applications through spoofing, credential sniffing and other techniques. For example, in 2017, cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on port 445. Other examples include the ongoing campaigns targeting Microsoft’s Remote Desktop Protocol (RDP) service running on port 3389.

Read on to learn more about the security risks linked to ports, vulnerable ports that need your attention and ways to enhance the security of open ports.

A Refresher on Ports

Ports are logical constructs that identify a specific type of network service. Each port is linked to a specific protocol, program or service, and has a port number for identification purposes. For instance, secured Hypertext Transfer Protocol (HTTPS) messages always go to port 443 on the server side, while port 1194 is exclusively for OpenVPN.

The most common transport protocols that have port numbers are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP is a connection-oriented protocol with built-in re-transmission and error recovery. UDP is a connectionless protocol that doesn’t recover or correct errors in messages; it’s faster and has less network overhead traffic than TCP.Both TCP and UDP sit at the transport layer of the TCP/IP stack and use the IP protocol to address and route data on the internet. Software and services are designed to use TCP or UDP, depending on their requirements.

TCP and UDP ports are in one of these three states:

  • Open — The port responds to connection requests.
  • Closed — The port is unreachable, indicating that there is no corresponding service running.
  • Filtered — The firewall is monitoring traffic and blocking certain connection requests to the port.

Security Risks Linked to Ports

Numerous incidents have demonstrated that open ports are most vulnerable to attack when the services listening to them are unpatched or insufficiently protected or misconfigured, which can lead to compromised systems and networks. In these cases, threat actors can use open ports to perform various cyberattacks that exploit the lack of authentication mechanisms in the TCP and UDP protocols. One common example is spoofing, where a malicious actor impersonates a system or a service and sends malicious packets, often in combination with IP spoofing and man-in-the-middle-attacks. The campaign against RDP Pipe Plumbing is one of the latest to employ such a tactic. In addition, ports that have been opened on purpose (for instance, on a web server) can be attacked via that port using application-layer attacks such as SQL injection, cross-site request forgery and directory traversal.

Another common technique is the denial of service (DoS) attack, most frequently used in the form of distributed denial of service (DDoS), where attackers send massive numbers of connection requests from various machine to the service on the target in order to deplete its resources.

Vulnerable Ports that Need Your Attention

Any port can be targeted by threat actors, but some are more likely to fall prey to cyberattacks because they commonly have serious shortcomings, such as application vulnerabilities, lack of two-factor authentication and weak credentials.

Here are the most vulnerable ports regularly used in attacks:

Ports 20 and 21 (FTP)

Port 20 and (mainly) port 21 are File Transfer Protocol (FTP) ports that let users send and receive files from servers.

FTP is known for being outdated and insecure. As such, attackers frequently exploit it through:

  • Brute-forcing passwords
  • Anonymous authentication (it’s possible to log into the FTP port with “anonymous” as the username and password)
  • Cross-site scripting
  • Directory traversal attacks

Port 22 (SSH)

Port 22 is for Secure Shell (SSH). It’s a TCP port for ensuring secure access to servers. Hackers can exploit port 22 by using leaked SSH keys or brute-forcing credentials.

Port 23 (Telnet)

Port 23 is a TCP protocol that connects users to remote computers. For the most part, Telnet has been superseded by SSH, but it’s still used by some websites. Since it’s outdated and insecure, it’s vulnerable to many attacks, including credential brute-forcing, spoofing and credential sniffing.

Port 25 (SMTP)

Port 25 is a Simple Mail Transfer Protocol (SMTP) port for receiving and sending emails. Without proper configuration and protection, this TCP port is vulnerable to spoofing and spamming.

Port 53 (DNS)

Port 53 is for Domain Name System (DNS). It’s a UDP and TCP port for queries and transfers, respectively. This port is particularly vulnerable to DDoS attacks.

Ports 137 and 139 (NetBIOS over TCP) and 445 (SMB)

Server Message Block (SMB) uses port 445 directly and ports 137 and 139 indirectly. Cybercriminals can exploit these ports through:

  • Using the EternalBlue exploit, which takes advantage of SMBv1 vulnerabilities in older versions of Microsoft computers (hackers used EternalBlue on the SMB port to spread WannaCry ransomware in 2017)
  • Capturing NTLM hashes
  • Brute-forcing SMB login credentials

Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)

HTTP and HTTPS are the hottest protocols on the internet, so they’re often targeted by attackers. They’re especially vulnerable to cross-site scripting, SQL injections, cross-site request forgeries and DDoS attacks.

Ports 1433,1434 and 3306 (Used by Databases)

These are the default ports for SQL Server and MySQL. They are used to distribute malware or are directly attacked in DDoS scenarios. Quite often, attackers probe these ports to find unprotected database with exploitable default configurations.

Port 3389 (Remote Desktop)

This port is used in conjunction with various vulnerabilities in remote desktop protocols and to probe for leaked or weak user authentication. Remote desktop vulnerabilities are currently the most-used attack type; one example is the BlueKeep vulnerability.

Tips for Strengthening the Security of Open Ports

Luckily, there are ways to enhance the security of open ports. We highly recommend the following six strategies:

1. Patch firewalls regularly.

Your firewall is the gatekeeper to all the other systems and services in your network. Patching keeps your firewalls up to date and repairs vulnerabilities and flaws in your firewall system that cybercriminals could use to gain full access to your systems and data.

2. Check ports regularly.

You should also regularly scan and check your ports. There are three main ways to do this:

  • Command-line tools — If you have the time to scan and check ports manually, use command-line tools to spot and scan open ports. Examples include Netstat and Network Mapper, both of which can be installed on a wide range of operating systems, including Windows and Linux.
  • Port scanners — If you want faster results, consider using a port scanner. It’s a computer program that checks if ports are open, closed or filtered. The process is simple: The scanner transmits a network request to connect to a specific port and captures the response.
  • Vulnerability scanning tools — Solutions of this type can also be used to discover ports that are open or configured with default passwords.
  1. Track service configuration changes.

Many services on your network connect to various ports, so it is important to monitor the running states of installed services and continuously track changes to service configuration settings. Services can be vulnerable when they are unpatched or misconfigured.

Using Netwrix Change Tracker, you can harden your systems by tracking unauthorized changes and other suspicious activities. In particular, it provides the following functionality:

  • Actionable alerting about configuration changes
  • Automatic recording, analyzing, validating and verifying of every change
  • Real-time change monitoring
  • Constant application vulnerability monitoring

4. Use IDP and IPS tools.

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can help you prevent attackers from exploiting your ports. They monitor your network, spot possible cybersecurity incidents, log information about them and report the incidents to security administrators. IPS complements your firewalls by identifying suspicious incoming traffic and logging and blocking the attack.

5. Use SSH Keys.

Another option is to use SSH keys. These access credentials are more secure than passwords because decrypting SSH is very difficult, if not impossible. There are two types of SSH keys:

  • Private or identity keys, which identify users and give them access
  • Public or authorized keys, which determine who can access your system

You can use public-key cryptographic algorithms and key generation tools to create SSH keys.

6. Conduct penetration tests and vulnerability assessments.

Consider conducting penetration tests and vulnerability assessments to protect your ports. Although both of these techniques are used to spot vulnerabilities in IT infrastructure, they are quite different. Vulnerability scans only identify and report vulnerabilities, while penetration tests exploit security gaps to determine how attackers can gain unauthorized access to your system.


What is an open port vulnerability?

An open port vulnerability is a security gap caused by an open port. Without proper configuration and protection, attackers can use open ports to access your systems and data.

Which ports are most vulnerable?

Certain ports and their applications are more likely to be targeted because they often have weaker credentials and defenses. Common vulnerable ports include:

  • FTP (20, 21)
  • SSH (22)
  • Telnet (23)
  • SMTP (25)
  • DNS (53)
  • NetBIOS over TCP (137, 139)
  • SMB (445)
  • HTTP and HTTPS (80, 443, 8080, 8443)
  • Ports 1433, 1434 and 3306
  • Remote desktop (3389)

Is port 80 a security risk?

Port 80 isn’t inherently a security risk. However, if you leave it open and don’t have the proper configurations in place, attackers can easily use it to access your systems and data. Unlike port 443 (HTTPS), port 80 is unencrypted, making it easy for cybercriminals to access, leak and tamper with sensitive data.

Common Open Port Vulnerabilities List (1)

Dirk Schrader

Dirk Schrader is a Resident CISO (EMEA) and VP of Security Research at Netwrix. A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM (ISACA), he works to advance cyber resilience as a modern approach to tackling cyber threats. Dirk has worked on cybersecurity projects around the globe, starting in technical and support roles at the beginning of his career and then moving into sales, marketing and product management positions at both large multinational corporations and small startups. He has published numerous articles about the need to address change and vulnerability management to achieve cyber resilience.

Common Open Port Vulnerabilities List (2024)


What are the most vulnerable open ports? ›

Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)

HTTP and HTTPS are the hottest protocols on the internet, so they're often targeted by attackers. They're especially vulnerable to cross-site scripting, SQL injections, cross-site request forgeries and DDoS attacks.

What are port 25 open vulnerabilities? ›

SMTP (25)

It is a TCP port used for sending and receiving mails. It can be vulnerable to mail spamming and spoofing if not well-secured.

What are the 4 main types of security vulnerability? ›

The four main types of vulnerabilities in information security are network vulnerabilities, operating system vulnerabilities, process (or procedural) vulnerabilities, and human vulnerabilities.

What are common open ports? ›

Some of the most commonly used ports, along with their associated networking protocol, are:
  • Ports 20 and 21: File Transfer Protocol (FTP). ...
  • Port 22: Secure Shell (SSH). ...
  • Port 25: Historically, Simple Mail Transfer Protocol (SMTP). ...
  • Port 53: Domain Name System (DNS). ...
  • Port 80: Hypertext Transfer Protocol (HTTP).

Why is port 445 vulnerable? ›

Ports 139 and 445 are used for 'NetBIOS' communication between two Windows 2000 hosts. In the case of port 445 an attacker may use this to perform NetBIOS attacks as it would on port 139. Impact: All NetBIOS attacks are possible on this host.

Is open port 22 a vulnerability? ›

As such, Port 22 is subject to countless, unauthorized login attempts by hackers who are attempting to access unsecured servers. A highly effective deterrent is to simply turn off Port 22 and run the service on a seemingly random port above 1024 (and up to 65535).

What is the port 443 vulnerable to? ›

Recommended Actions:
  • Heartbleed (CVE-2014-0160)
  • CCS (CVE-2014-0224)
  • Secure Renegotiation (CVE-2009-3555)
  • CRIME, TLS (CVE-2012-4929)
  • BREACH (CVE-2013-3587)
  • POODLE, SSL (CVE-2014-3566)
  • FREAK (CVE-2015-0204)
  • DROWN (2016-0800, CVE-2016-0703)
Nov 12, 2021

What is port 53 open vulnerabilities? ›

Vulnerabilities in DNS Bypass Firewall Rules (UDP 53) is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.

What is the exploit of port 443? ›

The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user.

What are the 5 types of vulnerability? ›

Types of vulnerability include social, cognitive, environmental, emotional or military. In relation to hazards and disasters, vulnerability is a concept that links the relationship that people have with their environment to social forces and institutions and the cultural values that sustain and contest them.

What are the 13 strands of vulnerability? ›

Dorset Police outline 13 strands of vulnerability which is recognised nationally as:
  • adults at risk.
  • child abuse and neglect.
  • female genital mutilation.
  • honour based abuse.
  • child sexual exploitation.
  • human trafficking and modern day slavery.
  • managing offenders.
  • prostitution.

What are the six types of vulnerability? ›

In a list that is intended to be exhaustively applicable to research subjects, six discrete types of vulnerability will be distinguished—cognitive, juridic, deferential, medical, allocational, and infrastructural.

Are open ports a vulnerability? ›

Open ports can be dangerous when the service listening on the port is misconfigured, unpatched, vulnerable to exploits, or has poor network security rules.

What are 3 examples of ports? ›

11 types of computer ports
  • HDMI. HDMI ports accept connections from HDMI cables, which transmit and receive high-definition audio and visual signals. ...
  • RCA. ...
  • USB-A. ...
  • USB-B. ...
  • USB-C. ...
  • USB 3.0. ...
  • Ethernet. ...
  • DisplayPort.
Mar 10, 2023

What is open port in cyber security? ›

An open port is a software-defined value that identifies a network endpoint. Any connection made on a TCP/IP network has a source and destination port that are used with the respective IP addresses to uniquely identify the sender and receiver of every message (packet) sent.

Is port 3389 vulnerable? ›

TCP port 3389 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability.

Is port 5060 vulnerable? ›

Port 5060 is a common target, the attack pattern being scanning, enumeration, and brute force password guessing, followed by abuse.

Is port 135 a vulnerability? ›

New TCP port 135 vulnerability allows remote commands

What makes Pentera's findings unique is that they were able to just utilize TCP 135 on its own to perform remote execution. And so while many companies already have policies in place against 445, now TCP 135 should be considered equally important to isolate.

Is port 111 vulnerable? ›

Port 111 is a security vulnerability for UNIX systems due to the number of vulnerabilities discovered for the portmapper and related RPC services.

Is port 137 vulnerable? ›

Given that this is one of the most frequently found vulnerabilities, there is ample information regarding mitigation online and very good reason to get it fixed. Hackers are also aware that this is a frequently found vulnerability and so its discovery and repair is that much more important.

What is the port 8888 vulnerability? ›

An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.

Is port 500 vulnerable? ›

One of our clients vulnerability scan results shows that the ISAKMP on UDP port 500 that is using on IPSec Tunnels are open and can be the point of attack.

Is port 554 vulnerable? ›

By sending specially-crafted RTSP packets to TCP port 554, an attacker could exploit this vulnerability to access the video stream without authentication. Notes: Port numbers in computer networking represent communication endpoints.

Is port 8443 secure? ›

HTTPS ports are dedicated network ports that allow internet users to transmit data via a secure connection encrypted using an SSL/TLS certificate. The most common examples are ports 443 and 8443.

What is the vulnerability of port 21? ›

Businesses need to think about using port 21 FTP to transfer files in their organization due to the unencrypted nature of FTP transmissions. Using FTP can expose sensitive information and network credentials to an attacker when transmitting data across the network or the Internet.

What is port 222 vulnerability? ›

Port 222 Details

MicroWorld Technologies eScan could allow a remote attacker to execute arbitrary commands on the system, caused by improper access control by the eScan Agent Application (MWAGENT. EXE).

What are the vulnerabilities of port 22? ›

An unauthenticated remote attacker with network access to port 22 can tunnel random TCP traffic to other hosts on the network via Ruckus devices. A remote attacker could exploit this vulnerability to bypass security restrictions and gain unauthorized access to the vulnerable application.

What is port 445 exploit? ›

Port 445 is a Microsoft networking port which is also linked to the NetBIOS service present in earlier versions of Microsoft Operating Systems. It runs Server Message Block (SMB), which allows systems of the same network to share files and printers over TCP/IP. This port shouldn't be opened for external network.

Can port 443 be hacked? ›

Port 443 is the safest that allows secure and private data transmission. However, not everything is 100% secure and could be vulnerable to hacks.

How to secure port 80 and 443? ›

  1. Open the file: [app-path]\server\
  2. Enable port 80 (and 443) by changing the appropriate settings from N to a Y . ...
  3. Change the server port in all providers installed on your network. ...
  4. Change the server port in the User Client config file: ...
  5. Restart the Application Server.

What are the 10 factors of vulnerability? ›

  • Climate change.
  • Enviromental degradation.
  • Globalized economic development.
  • Poverty and inequality.
  • Poorly planned urban development.
  • Weak governance.

What are 3 examples of vulnerability? ›

Examples may include:
  • poor design and construction of buildings,
  • inadequate protection of assets,
  • lack of public information and awareness,
  • limited official recognition of risks and preparedness measures, and.
  • disregard for wise environmental management.

Which is the top most common vulnerability? ›

The Top 10 security vulnerabilities as per OWASP Top 10 are:
  • SQL Injection.
  • Cross Site Scripting.
  • Broken Authentication and Session Management.
  • Insecure Direct Object References.
  • Cross Site Request Forgery.
  • Security Misconfiguration.
  • Insecure Cryptographic Storage.
  • Failure to restrict URL Access.
Apr 29, 2023

How many CVE vulnerabilities are there? ›

The US government's National Vulnerability Database (NVD) which is fed by the Common Vulnerabilities and Exposures (CVE) list currently has over 176,000 entries.

What is vulnerability 9? ›

Subject: Social Science - Class 9

Vulnerability to poverty is a measure which describes the higher probability of certain communities or individuals of becoming or remaining poor in the coming years.

What are 2 examples of vulnerability? ›

11 examples of vulnerability
  • Telling someone when they've upset you, respectfully but honestly.
  • Sharing something personal about yourself that you normally wouldn't.
  • Admitting to mistakes you have made in the past.
  • Being willing to feel difficult emotions like shame, grief, or fear.
Jan 29, 2023

What is open vulnerabilities? ›

Open source vulnerability refers to a security vulnerability or weakness in open-source software or application that can be exploited by malicious actors. Open source software is developed in a collaborative and transparent way, where the source code is freely available for anyone to access and modify.

What are the threats to ports? ›

Maritime Security Today

Those threats include terrorism, piracy, smuggling of stowaways and drugs, cargo theft and fraud, bribery and extortion. Sea robbery provides an excellent example of the complexity of port security issues.

How do hackers use open ports? ›

Malicious ("black hat") hackers commonly use port scanning software to find which ports are "open" (unfiltered) in a given computer, and whether or not an actual service is listening on that port. They can then attempt to exploit potential vulnerabilities in any services they find.

What are the 4 main categories of port? ›

There are five major types of natural or artificial ports: Inland port, fishing port, dry port, warm water port and seaport. Among all these types of ports, seaports are the largest and busiest type of ports. This is due to the reason that seaport serves both cargoes as well as passengers.

What are the four major ports? ›

List of Major Ports in India
1.Kochi PortKerala
2.Ennore PortTamil Nadu
3.Haldia portWest Bengal
4.Kolkata PortWest Bengal
9 more rows
Jun 1, 2023

What are the 12 ports? ›

Minor Ports in India
  • Azhikkal Port (Mouth of Valapattanam River Kerala)
  • Kannur (Kerala)
  • Kundapur (Udupi District Karnataka)
  • Dahej (Gujarat)
  • Jafrabad (Gulf of Cambay Gujarat)
  • Kasargod (Kerala)
  • Karaikal (Puduch*erry)
  • Gopalpur (Odisha)

How do I securely open ports? ›

Some of the important points to secure open ports.
  1. Identify open ports.
  2. Scan network ports regularly.
  3. Access ports using a secure virtual private network (VPN).
  4. Use multi-factor authentication.
  5. Implement network segmentation.

How do you identify open ports? ›

How to check for open ports on Windows
  1. Open the Command Prompt. ...
  2. Type “netstat -aon” and hit enter.
  3. Look for the port numbers in the LISTening state. ...
  4. If the port numbers aren't in the LISTening state, you'll need to open them manually.
Aug 17, 2022

Which IP ports are open? ›

Which Ports Are Usually Open By Default?
  • 20 – FTP (File Transfer Protocol)
  • 22 – Secure Shell (SSH)
  • 25 – Simple Mail Transfer Protocol (SMTP)
  • 53 – Domain Name System (DNS)
  • 80 – Hypertext Transfer Protocol (HTTP)
  • 110 – Post Office Protocol (POP3)
  • 143 – Internet Message Access Protocol (IMAP)
  • 443 – HTTP Secure (HTTPS)
Oct 21, 2019

What ports should I block for security? ›

For those looking for a list of ports to block, the SANS Institute recommends at least blocking outbound traffic using the following ports: MS RPC TCP, UDP Port 135. NetBIOS/IP TCP, UDP Port 137-139. SMB/IP TCP Port 445.

What is a high risk port? ›

In SecureCloud, risky ports are commonly-used ports exposed to the internet. They are therefore considered high risk and could leave your assets open to attack. The list of risky ports can be managed in Configuration and the scope of reporting them further refined in Exceptions.

Why is port 135 vulnerable? ›

So, one of the TCP Port 135 vulnerabilities is that hackers or unauthorized users can access a computer system through TCP Port 135 if it is left open. As a result, it is a sensitive port that has a number of security flaws and should never be made available to the internet.

What ports to block from hackers? ›

For instance, blocking ports 139 and 445 (TCP and UDP) will make your network more difficult for attackers to map out the network, and blocking port 31337 (TCP and UDP) will make you more secure from Back Orifice, a hacking tool. Check out this extensive list of ports with their normally associated uses.

How do hackers find open ports? ›

Hackers do not have a preference for which ports they use. They will use port scans to identify ports to open. Commonly targeted ports include widely used programs by network teams for remote administration, web applications, file transfer services, conferencing software and common remote connectivity.

What is the port 53 vulnerability? ›

Vulnerabilities in DNS Bypass Firewall Rules (UDP 53) is a Low risk vulnerability that is one of the most frequently found on networks around the world. This issue has been around since at least 1990 but has proven either difficult to detect, difficult to resolve or prone to being overlooked entirely.

What are the three types of port security? ›

On Cisco equipment there are three different main violation types: shutdown, protect, and restrict.

What is an example of an unsafe port? ›

A port will be unsafe if the ship is endangered when departing from the port. For example if on departure ice has formed and the ship's hull is damaged as a result when leaving, the port will be unsafe. Charterers first have an obligation to nominate a safe port.

Is port 587 vulnerable? ›

In terms of security, both port 465 and 587 are considered secure because they run over TLS encryption, meaning no third party could intercept any data sent back and forth.

Is port 5432 vulnerable? ›

PostgreSQL - 5432 is used by SQL server to listen for client requests. Allowing inbound traffic from all external IP addresses on PostgreSQL port is vulnerable to postgresql exploit.

Is port 21 a security risk? ›

For example, legacy FTP traffic that is transmitted over TCP port 21 is not a secure protocol. Files, credentials, and other information traversing FTP are transmitted in cleartext with no encryption. We often hear about the encryption used by the bad guys concerning ransomware.

Why is port 3389 vulnerable? ›

It allows an attacker to connect to an unpatched target system using RDP and then send special packets that allow remote code execution.

Is port 631 vulnerable? ›

This report identifies devices that have an open IPP (Internet Printing Protocol) service enabled on port 631/TCP. This means anyone can connect to these devices (printers) anonymously. An attacker can abuse such devices for information disclosure including potential access to and manipulation of print jobs.

Should port 445 be open? ›

We also recommend blocking port 445 on internal firewalls to segment your network – this will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing – if this is required for business, you may need to leave the port open on some internal firewalls.

Top Articles
Latest Posts
Article information

Author: Pres. Lawanda Wiegand

Last Updated:

Views: 6049

Rating: 4 / 5 (51 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Pres. Lawanda Wiegand

Birthday: 1993-01-10

Address: Suite 391 6963 Ullrich Shore, Bellefort, WI 01350-7893

Phone: +6806610432415

Job: Dynamic Manufacturing Assistant

Hobby: amateur radio, Taekwondo, Wood carving, Parkour, Skateboarding, Running, Rafting

Introduction: My name is Pres. Lawanda Wiegand, I am a inquisitive, helpful, glamorous, cheerful, open, clever, innocent person who loves writing and wants to share my knowledge and understanding with you.