Essential Guide to Network Ports: From Well‑Known to Dynamic and Security Risks

Port Concept

In networking, a port can refer to a physical interface (e.g., RJ‑45 on a router) or a logical TCP/UDP endpoint numbered 0‑65535 used by services such as HTTP (80) or FTP (21).

Port Classification

Ports are divided into three ranges:

Well‑Known Ports (0‑1023) – reserved for standard services.

Registered Ports (1024‑49151) – assigned to specific applications.

Dynamic/Private Ports (49152‑65535) – used for temporary client connections.

Common Service Ports and Security Notes

Port 0 – Reserved, often used in OS analysis and unusual scans.

Port 21 – FTP, frequently targeted for anonymous access and trojan backdoors.

Port 22 – SSH, vulnerable when misconfigured.

Port 23 – Telnet, commonly scanned for remote login exploits.

Port 25 – SMTP, exploited for spam distribution.

Port 53 – DNS, a frequent target for zone transfers and spoofing.

Port 80 – HTTP, standard web traffic, also used by malicious backdoors.

Port 443 – HTTPS, encrypted web traffic.

Port 135 – Microsoft DCE/RPC endpoint mapper, scanned for Windows services.

Port 137‑139 – NetBIOS name and SMB services, used for file sharing and often abused.

Port 161 – SNMP, vulnerable to default community strings.

Many malware families open non‑standard ports (e.g., 31337 for Back Orifice) to provide remote control.