Essential Guide to Common and Uncommon Network Ports and Their Security Risks

Common and Uncommon Port Overview

A computer can have up to 65,535 ports, each unique. Below is a list of frequently used ports, their services, and typical security considerations.

Port 0 : Reserved – often used for OS analysis.

Port 1 : tcpmux – used by SGI Irix machines; default accounts can be exploited.

Port 7 : Echo – can be used in Fraggle attacks.

Port 19 : Character Generator – can be abused for DoS attacks.

Port 21 : FTP – open anonymous FTP servers are common targets.

Port 22 : SSH – misconfigurations may expose vulnerabilities.

Port 23 : Telnet – often scanned for OS fingerprinting and password attacks.

Port 25 : SMTP – used by spammers to send email.

Port 31 : MSG Authentication – associated with certain malware.

Port 42 : WINS Replication.

Port 53 : DNS – attackers may attempt zone transfers or DNS spoofing.

Port 67/68 : DHCP – vulnerable to rogue DHCP servers and MITM attacks.

Port 69 : TFTP – misconfigurations can lead to file theft.

Port 79 : Finger – used to gather user information.

Port 80 : HTTP – standard web traffic.

Port 99 : Metagram Relay – used by certain backdoors.

Port 102 : Message Transfer Agent (MTA) – X.400 over TCP/IP.

Port 109 : POP3 – vulnerable to buffer overflow attacks.

Port 110 : RPC services – various RPC daemons.

Port 113 : Authentication Service – can be used for credential harvesting.

Port 119 : NNTP – news transfer protocol, often abused for spam.

Port 135 : Microsoft DCE RPC endpoint mapper – used by Windows services and targeted by attackers.

Ports 137‑139 : NETBIOS – file and printer sharing, also used by SMB.

Port 143 : IMAP – similar vulnerabilities to POP3.

Port 161/162 : SNMP – simple network management protocol; default community strings are often guessed.

Port 443 : HTTPS – encrypted web traffic.

Port 445 : CIFS – Windows file sharing, common exploit target.

Port 500 : IKE – Internet Key Exchange, used in VPNs.

Port 1080 : SOCKS – proxy protocol that can be misused to bypass firewalls.

Port 1194 : OpenVPN (example).

Port 1433 : Microsoft SQL Server.

Port 1521 : Oracle Database.

Port 3306 : MySQL.

Port 3389 : RDP – remote desktop protocol, frequent brute‑force target.

Port 8080 : HTTP proxy or alternative web server.

Port 3128 : Squid proxy.

Port 3300‑3400 : Various application‑specific services (e.g., WebLogic, JBoss, Tomcat).

Port 5000‑5001 : Custom services, often used by malware.

Port 5900 : VNC – remote desktop.

Port 6379 : Redis – in‑memory data store.

Port 8000‑8081 : Alternative HTTP services.

Port 8443 : HTTPS alternative.

Port 9000‑9001 : Development tools, sometimes exposed.

Port 10000 : Webmin – admin interface.

Port 27017 : MongoDB – often left unauthenticated.

Port 50000 : SAP.

Port 6000‑6060 : X11 display.

Port 8080‑8090 : Proxy services.

Port 9000‑9090 : Various web services.

Port 12345 : NetBus backdoor.

Port 31337 : Back Orifice – classic backdoor.

Proxy Server Common Ports

HTTP proxy: 80, 8080, 3128, 8081, 9080

SOCKS proxy: 1080

FTP proxy: 21

Telnet proxy: 23

Typical services and their default ports include:

HTTP – 80/tcp

HTTPS – 443/tcp, 443/udp

Telnet – 23/tcp

FTP – 21/tcp

TFTP – 69/udp

SSH – 22/tcp

SMTP – 25/tcp

POP3 – 110/tcp

WebLogic – 7001

JBoss – 8080

Tomcat – 8080

RDP – 3389

Oracle DB – 1521

MS SQL Server – 1433/tcp, 1434/tcp

QQ – 1080/udp

Understanding the mapping between ports, services, and potential vulnerabilities is essential for network administrators and security professionals to configure firewalls, detect anomalies, and mitigate attacks.