Port 53 Details

known port assignments and vulnerabilities

threat/application/port search:

Port(s)	Protocol	Service	Details	Source
53	tcp,udp	DNS	DNS (Domain Name Service) used for domain name resolution. There are some attacks that target vulnerabilities within DNS servers. Cisco Webex Teams services uses these ports: 443,444,5004 TCP 53, 123, 5004, 33434-33598 UDP (SIP calls) Xbox 360 (Live) ports: 3074 TCP/UDP, 53 TCP/UDP, 80 TCP, 88 UDP Xbox One (Live) ports: 3074 TCP/UDP, 53 TCP/UDP, 80 TCP, 88 UDP, 500 UDP, 3544 UDP, 4500 UDP Apple MacDNS, FaceTime also use this port. Some trojans also use this port: ADM worm, Bonk (DoS) trojan, li0n, MscanWorm, MuSka52, Trojan.Esteems.C [Symantec-2005-051212-1727-99] (2005.05.12), W32.Spybot.ABDO [Symantec-2005-121014-3510-99] (2005.12.10). W32.Dasher.B [Symantec-2005-121610-5037-99] (2005.12.16) - a worm that exploits the MS Distributed Transaction Coordinator Remote exploit (MS Security Bulletin [MS05-051]). Listens for remote commands on port 53/tcp. Connects to an FTP server on port 21211/tcp. Scans for systems vulnerable to the [MS05-051] exploit on port 1025/tcp. Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. References: [CVE-2003-1491] [BID-7436] Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than [CVE-2007-1465]. References: [CVE-2007-1866] [SECUNIA-24688] Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly other versions, allows remote attackers to cause a denial of service (device restart and loss of configuration) by connecting to TCP port 53, then closing the connection. References: [CVE-2009-1152] [BID-34220] Cisco IOS is vulnerable to a denial of service, caused by an error in NAT of DNS. By sending specially-crafted DNS packets to TCP port 53, a remote attacker could exploit this vulnerability to cause the device to reload. References: [CVE-2013-5479], [XFDB-87455] haneWIN DNS Server is vulnerable to a denial of service attack. A remote attacker could send a large amount of data to port 53 and cause the server to crash. References: [XFDB-90583], [BID-65024], [EDB-31014] named in ISC BIND 9.x (before 9.9.7-P2 and 9.10.x before 9.10.2.-P3) allows remote attackers to cause denial of service (DoS) via TKEY queries. A constructed packet can use this vulnerability to trigger a REQUIRE assertion failure, causing the BIND daemon to exit. Both recursive and authoritative servers are vulnerable. The exploit occurs early in the packet handling, before checks enforcing ACLs or configuration options that limit/deny service. See: [CVE-2015-5477] Tftpd32 is vulnerable to a denial of service, caused by an error when processing requests. If the DNS server is enabled, a remote attacker could send a specially-crafted request to UDP port 53 to cause the server to crash. References: [XFDB-75884] [BID-53704] [SECUNIA-49301] TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. References: [CVE-2018-19528] MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. References: [CVE-2017-17537], [EDB-43200]	SG
53	tcp,udp		Domain Name System (DNS) (official)	Wikipedia
53	tcp	trojan	ADM worm, li0n, MscanWorm, MuSka52	Trojans
53	udp	applications	Lineage II	Portforward
53,80,443,10070-10080	tcp	applications	Socom, Socom 2. Also uses ports 6000-6999,10070 udp	Portforward
53,80,443,10070,10080	tcp	applications	Twisted Metal Black Online (also uses ports 6000-6999 udp)	Portforward
53	tcp	ADMworm	[trojan] ADM worm	Neophasis
53	tcp	Lion	[trojan] Lion	Neophasis
53	tcp	threat	Civcat	Bekkoame
53	tcp	threat	Esteems	Bekkoame
53	tcp	threat	W32.Dasher	Bekkoame
53	tcp	threat	W32.Spybot	Bekkoame
53	tcp,udp	domain	Domain Name Server	IANA

13 records found

Related ports: 80 88 443 444 953 1025 3074 21211

News Glossary of Terms

Cool Links SpeedGuide Teams

SG Premium Services SG Gear Store

Registry Tweaks Broadband Tools

Downloads/Patches Broadband Hardware

SG Ports Database Security

Default Passwords User Stories

Broadband Routers Wireless

Firewalls / VPNs Software

Hardware User Reviews

Broadband Security

Editorials General

User Articles Quick Reference

Broadband Forums General Discussions

Advertising Awards

Link to us Server Statistics

Helping SG About

XML - RSS Feeds

General Links Broadband Links Networking Links

SG TCP/IP Analyzer SG TCP/IP Optimizer SG Security Scanner SG Speed Test IP Address Locator MAC Address OUI Search Network Tools Bits/Bytes Calculator RWIN/BDP Calculator DSL Speed Calculator WLAN Key Generator Hash Generator

TCP Optimizer Download TCP Optimizer Documentation

Scanned Ports Commonly Open Ports All Ports

Broadband Speed Test Test Stats Provider Stats Country Stats Mirror Stats

Cable Horror Story Cable-Modem Security Worries D-Link DFL-300 VPN Router DSL Hell Get a Cable Modem - Go to Jail ??!? (external) Intermittent Cable signal It Figures - The need for a firewall MediaOne RoadRunner - Kicking in Network adapter MAC/OUI/Brand affect latency Road Runner Security - File and Print Sharing Router speed drop solved RR Tech Support Incompetence ... Short Stories and Fixes Squirrels and rain can slow down an ADSL modem... Telefonica Incompetence, Xenophobia or Fraud? The IP That Just Wouldn\'t Stick. Wireless Networks and WEP

Belkin F5D5230 Compex NetPassage 15B D-Link DI-701 Linksys BEFSR41 Router SOHOWARE BroadGuard NBG800 WebRamp 700s ZyXEL Prestige 310 Nexland

ISB2LAN Router Review Nexland ISB-SOHO

Cayman 2E-H-W Compex NetPassage 26G Wireless Gateway Diamond HomeFree SMC Barricade 7004AWBR

ZyXEL ZyWALL 10

Tiny Software Personal Firewall v1.0 WinGate 4.1.1

Linksys Instant GigaDrive

Acer TravelMate 292 XC Laptop D-Link DI-524 Wireless Router First look at Nexland Pro 400 ADSL with Wireless Netgear RP614 Review

Bits, Bytes and Bandwidth Reference Guide Ethernet auto-sensing and auto-negotiation How to Make Network Cables How to repair TCP/IP and Winsock How to set a Wireless Router as an Access Point Internet connection Sharing Internet Data Caps compared Network Adapter Optimization Router Configuration Guide TCP Congestion Control Algorithms Comparison The TCP Window, Latency, and the Bandwidth Delay product Windows 10 Anniversary updates to TCP Wireless Antenna Guide Wireless Network Speed Tweaks WLAN Primer

General Security Guide How To Crack WEP and WPA Wireless Networks How to Secure your Wireless Network How to Stop Denial of Service (DoS) Attacks IRDP Security Vulnerability in Windows 9x Which VPN Protocol to use? Why encrypt your online traffic with VPN ?

Cable Modems Technology Overview CISCO/VALVE PowerPlay MTU, what difference does it make ? Satellite Internet - What is it ? Server Based Network Guide Tom\'s Easy Home Networking Uncapping, The makings of a Semi-Myth

How to Backup using Batch Files How to Backup using Batch Files under Windows 10 Ramdisk Guide SSD Linux Tweaks SSD Speed Tweaks Windows 2k/XP Tweaks Windows 9x Tweaks

5 Ways to Improve your Wireless Network Cable modem signal levels Cable Troubleshooting Guide Crimson Editor Difference between Routers, Switches and Hubs How DSL Internet Access Works ISPs hijack failed searches The History of DSL Internet Access Tips to improve your SNR Wi-Fi Standards Glossary Wireless Broadband service and LONG Range

ADSL VPI, VCI and Encapsulation settings BIOS Error Codes Choosing RAM Type How to turn Wireless on/off in various Laptop models Linux TCP/IP parameters reference Subnetting and IPv4 Address Classes TCP Structure - Transmission Control Protocol The TCP/IP and OSI Network Models TLD Country Code Reference UDP - User Datagram Protocol Wireless LAN Standards