30 High-Risk Ports You Must Secure and How to Close Them
This guide lists 30 commonly exposed high‑risk ports such as LDAP, MySQL, and Docker, explains the security threats they pose, and provides practical firewall, service‑management, and port‑closing steps—including command‑line examples—to help you harden your systems against attacks.
In the Internet era, network security is crucial; exposing certain ports can lead to severe threats. The following list identifies 30 high‑risk ports and offers protection recommendations.
1. High‑Risk Ports
LDAP (389): Should not be exposed to the Internet.
SMB (445): Frequently exploited by attackers.
MySQL (3306): Database port, vulnerable to SQL injection when exposed.
Redis (6379): Should not be exposed to the Internet.
FTP (21): Commonly exploited and vulnerable.
SSH (22): Frequently targeted by attackers.
Elasticsearch (9200): Should not be exposed; often vulnerable.
DB2/Sybase (5000): Should not be exposed.
Weblogic (7001): Frequently exploited.
RDP (3389): Susceptible to brute‑force attacks.
Rundeck (4440): Frequently exploited.
MongoDB (27017/27018): Default open ports, should be hidden.
Memcached (11211): Frequently exploited.
CouchDB (5984): Should not be exposed.
Hadoop (8019/8042/9000/8088): No practical value when exposed.
Zookeeper (3888): Frequently exploited.
Docker (2375): Should not be exposed.
Etcd (2379): Should not be exposed.
Supervisor (9001): Frequently exploited.
Spark (7077): Frequently exploited.
NFS (2049): Frequently exploited.
Flink (8081): Should not be exposed; often vulnerable.
PostgreSQL (5432): Should not be exposed.
Oracle (1521): Should not be exposed.
Kafka (9092): Frequently exploited.
Nacos JRAFT: Should not be exposed; often attacked.
GlassFish (4848): Frequently exploited.
InfluxDB (8083/8086): Should not be exposed.
Symantec pcAnywhere (5631/5632): Should not be exposed.
2. Security Protection Tips
Optimize firewall rules to restrict access to dangerous ports, allowing only trusted IP addresses.
Minimize open ports: keep only those required for business, close the rest.
Establish a port‑service management mechanism: maintain an inventory, prohibit unauthorized services, require security approval before opening ports, and keep audit logs.
Disable default ports of unnecessary services to reduce the attack surface.
3. How to Safely Close These Ports
Step 1: Identify Open Ports
Use tools such as netstat, nmap or lsof to list open ports.
<code>netstat -tuln</code>
Step 2: Stop Related Services
Stop services that listen on risky ports. Example for FTP:
<code>sudo systemctl stop vsftpd</code>
<code>sudo systemctl disable vsftpd</code>
Step 3: Configure Firewall
Use iptables or ufw to block access. Example to deny port 21 with ufw:
<code>sudo ufw deny 21</code>
Step 4: Disable Unnecessary Services
Disable services that are not needed, e.g., Telnet:
<code>sudo systemctl stop telnet</code>
<code>sudo systemctl disable telnet</code>
Step 5: Regularly Scan
Periodically scan the system to ensure no unnecessary ports are reopened.
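The identify and rescan steps above can be combined into one repeatable check. The script below is an added example, not part of the original article: it filters `netstat -tuln` output against the port list from section 1 and reports listeners bound to a non-loopback address. The function names, the sample output, and the choice to skip loopback-only listeners are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): flag high-risk listeners in netstat output.
# Ports copied from section 1; Nacos JRAFT is omitted because no port is given there.
RISKY_PORTS="21 22 389 445 1521 2049 2375 2379 3306 3389 3888 4440 4848 5000 5432"
RISKY_PORTS="$RISKY_PORTS 5631 5632 5984 6379 7001 7077 8019 8042 8081 8083 8086"
RISKY_PORTS="$RISKY_PORTS 8088 9000 9001 9092 9200 11211 27017 27018"

# Reads `netstat -tuln` text on stdin and prints "proto port bind-address" for
# every high-risk port bound to an address other than loopback.
audit_listeners() {
  awk -v ports="$RISKY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/.*:/, "", port)       # Local Address column -> port
      host = $4; sub(/:[^:]*$/, "", host)   # Local Address column -> bind address
      if (!(port in risky)) next
      if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
      print $1, port, host
    }' | LC_ALL=C sort -u
}

# Constructed sample of `netstat -tuln` output (not captured from a real host).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:2375       0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
udp        0      0 0.0.0.0:11211           0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Demo on the sample; on a live host run: netstat -tuln | audit_listeners
sample_netstat | audit_listeners
```

Running it from cron and comparing the output with the previous run shows when a closed port has been reopened.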
Conclusion
By identifying dangerous ports, applying protection measures, and closing unnecessary ports, you can significantly reduce the risk of attacks. Network security is an ongoing process; regular checks and updates are essential to keep your environment safe.
Efficient Ops
This public account is maintained by Xiaotianguo and friends, regularly publishing widely-read original technical articles. We focus on operations transformation and accompany you throughout your operations career, growing together happily.