Port(s) |
Protocol |
Service |
Scan level |
Description |
6120 |
tcp |
games |
not scanned |
Starcraft uses ports 6110-6120 |
6121 |
tcp |
spdy |
not scanned |
SPDY for a faster web, Ragnarok Online Server (TCP/UDP) |
6124 |
tcp,udp |
games |
not scanned |
Against Rome, developer: Independent Arts |
6125 |
tcp,udp |
applications |
not scanned |
Librdmacm is a library for managing RDMA connections. librdmacm is prone to a security vulnerability because of a design error that causes the library to always connect to default port 6125 if the '/var/run/ibacm.port' file is not found. An attacker may exploit this issue to send malicious address resolution information to the applications using the affected library. This may aid in other attacks. To successfully exploit this issue, an attacker must be able to run a rogue 'ib_acm' service on port 6125 on a server which affected clients may connect to.
References: [CVE-2012-4516] [BID-55896] |
6129 |
tcp |
dameware |
Premium scan |
W32.mockbot.a.worm [Symantec-2004-022608-5242-99]
Dameware (Solarwinds) - Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
References: [CVE-2003-1030], [BID-9213], CERT Vulnerability Note VU#909678. |
6130 |
tcp |
damewaremobgtwy |
not scanned |
IANA registered for: The DameWare Mobile Gateway |
6133 |
tcp,udp |
wol |
not scanned |
Net Boundary Tech WOL |
6136 |
tcp |
applications |
not scanned |
ObjectDB database server |
6144 |
tcp,udp |
games |
not scanned |
PlayLink online game |
6150 |
tcp,udp |
games |
not scanned |
MTX Mototrax, developer: Aspyr |
6151 |
tcp,udp |
games |
not scanned |
MTX Mototrax, developer: Aspyr |
6159 |
tcp |
efb-aci |
not scanned |
EFB Application Control Interface |
6160 |
tcp,udp |
ecmp |
not scanned |
Veeam Backup and replication suite uses these ports, in addition to common 80, 443, etc.:
6160 TCP - Veeam installer service
6165 TCP - WAN accelerator
6180 TCP/UDP - Veeam cloud gateway
6169, 8190, 8191 TCP - used by SP backup server
10003 TCP - communication with Veeam backup service
IANA registered for: Emerson Extensible Control and Management Protocol |
6161 |
tcp,udp |
patrol-ism |
not scanned |
Veeam vPower NFS Service (TCP)
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via a long request to FxIAList on TCP port 6162, or an SNMP request with a long community string to FxAgent on UDP port 6161.
References: [CVE-2008-1320], [BID-28188]
Port also IANA registered for PATROL Internet Srv Mgr |
6162 |
tcp,udp |
patrol-coll |
not scanned |
Veeam Data Mover (TCP)
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via a long request to FxIAList on TCP port 6162, or an SNMP request with a long community string to FxAgent on UDP port 6161.
References: [CVE-2008-1320], [BID-28188]
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does not require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
References: [CVE-2008-1321]
PATROL Collector (IANA official) |
6163 |
tcp,udp |
pscribe |
not scanned |
Veeam Hyper-V Integration Service
Precision Scribe Cnx Port (IANA official) |
6164 |
tcp |
applications |
not scanned |
Veeam WAN Accelerator |
6165 |
tcp |
veeam |
not scanned |
Veeam Backup and replication suite uses these ports, in addition to common 80, 443, etc.:
6160 TCP - Veeam installer service
6165 TCP - WAN accelerator
6180 TCP/UDP - Veeam cloud gateway
6169, 8190, 8191 TCP - used by SP backup server
10003 TCP - communication with Veeam backup service |
6167 |
tcp |
applications |
not scanned |
Veeam Log Shipping Service |
6169 |
tcp |
veeam |
not scanned |
Veeam Backup and replication suite uses these ports, in addition to common 80, 443, etc.:
6160 TCP - Veeam installer service
6165 TCP - WAN accelerator
6180 TCP/UDP - Veeam cloud gateway
6169, 8190, 8191 TCP - used by SP backup server
10003 TCP - communication with Veeam backup service |
6170 |
tcp |
applications |
not scanned |
Veeam Mount Server |
6177 |
tcp |
applications |
not scanned |
Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
References: [CVE-2009-3900] [BID-36931] [SECUNIA-37267] |
6180 |
tcp |
veeam |
Premium scan |
Veeam Backup and replication suite uses these ports, in addition to common 80, 443, etc.:
6160 TCP - Veeam installer service
6165 TCP - WAN accelerator
6180 TCP/UDP - Veeam cloud gateway
6169, 8190, 8191 TCP - used by SP backup server
10003 TCP - communication with Veeam backup service
Marketcircle Daylite Server (Mac OS X CRM system) client synchronization requests use port 6180
Port also commonly used by some phishing scam sites |
6187 |
tcp |
trojans |
Members scan |
Tilser trojan (2004.02.27) - gives an attacker complete access to your computer, opens a backdoor on TCP port 6187. |
6201 |
udp |
thermo-calc |
not scanned |
Management of service nodes in a processing grid for thermodynamic calculations [Thermo-Calc Software] (IANA official) |
6209 |
tcp,udp |
qmtps |
not scanned |
QMTP over TLS (IANA official) |
6217 |
tcp,udp |
games |
not scanned |
Dark Vengeance |
6220 |
tcp,udp |
applications |
not scanned |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
References: [CVE-2022-27220] |
6257 |
udp |
winmx |
Members scan |
Port used by the WinMX P2P file sharing software. It also uses port 6699/tcp. |
6260 |
tcp,udp |
applications |
not scanned |
planet M.U.L.E. |
6262 |
tcp,udp |
applications |
not scanned |
Advantage Database Server, Security Manager Plus, Web Callback Standard Protocol, License Server (Poseidon for UML)
Sybase Advantage Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ADS process. By sending specially-crafted packets to UDP port 6262, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References: [XFDB-68250], [OSVDB-73728], [BID-48464], [SECUNIA-45069] |
6267 |
tcp |
trojan |
Premium scan |
DarkSky trojan
IANA registered for: GridLAB-D User Interface |
6272 |
tcp |
trojan |
Premium scan |
Secret Service |
6295 |
tcp |
applications |
not scanned |
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
References: [CVE-2010-1571], [BID-40680] |
6306 |
tcp,udp |
ufmp |
not scanned |
Unified Fabric Management Protocol |
6308 |
tcp |
plesk |
not scanned |
Plesk sw-cp-server (since version 12.0) |
6315 |
tcp |
scup |
not scanned |
Sensor Control Unit Protocol |
6315 |
udp |
scup-disc |
not scanned |
Sensor Control Unit Protocol Discovery Protocol |
6317 |
tcp,udp |
nav-data |
not scanned |
Navtech Radar Sensor Data (IANA official) |
6318 |
tcp |
iona-data |
not scanned |
IONA Measurement and control data (IANA official) |
6320 |
tcp,udp |
repsvc |
not scanned |
IANA registered for: Double-Take Replication Service |
6324 |
tcp,udp |
hrd-ncs |
not scanned |
W32.Longbe@mm [Symantec-2004-033115-2633-99] (2004.03.10) - a worm that attempts to download files and execute them. It also contains a backdoor that allows an attacker to remotely execute commands on an infected computer. The worm listens on TCP port 6324.
Hall Research Device discovery and configuration also uses this port.
IANA registered for: HR Device Network Configuration Service. |
6325 |
tcp |
dt-mgmtsvc |
not scanned |
Double-Take Management Service [Vision_Solutions] (IANA official) |
6326 |
tcp |
dt-vra |
not scanned |
Double-Take Virtual Recovery Assistant [Vision_Solutions] (IANA official) |
6331 |
udp |
applications |
not scanned |
Windows Live OneCare (WinSs.exe) |
6338 |
tcp |
applications |
not scanned |
In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TCP port is 6338 but, based on the product's configuration, a different one could be vulnerable.
References: [CVE-2019-7727] |
6343 |
udp |
openflow |
not scanned |
MikroTik RouterOS uses this port for OpenFlow traffic.
OpenFlow/sFlow - open network messaging standard that creates a format for notifications generated by networking equipment (routers, switches) to be picked up by monitoring software for analysis of traffic and congestion. Competing product to NetFlow owned by Cisco. OpenFlow controllers listen for switches on port 6653/tcp (earlier versions used port 6633/tcp).
NetFlow common UDP ports: 2055, 2056, 4432, 4739, 9995, 9996, and 6343. |
6344 |
tcp |
streletz |
not scanned |
IANA registered for: fire-prevention systems |
6346 |
tcp,udp |
gnutella-svc |
not scanned |
Gnutella (FrostWire, Limewire, Shareaza, etc.), BearShare file sharing app |
6347 |
tcp,udp |
gnutella-rtr |
not scanned |
Gnutella2 file sharing protocol, gnutella-rtr, Gnutella alternate |
6348 |
tcp,udp |
gnutella |
not scanned |
Gnutella Proxy, Bearshare, Limewire, FrostWire, file sharing, p2p |
6350 |
tcp,udp |
adap |
not scanned |
App Discovery and Access Protocol |
6351 |
tcp |
trojans |
not scanned |
Backdoor.Padmin [Symantec-2003-090917-0935-99] (2003.05.21) - a trojan horse that has backdoor capabilities.
W32.HLLP.Shodi.B [Symantec-2004-042012-2931-99] (2004.04.20) - a virus that prepends itself to the files that have a .exe extension |
6352 |
tcp |
virus |
not scanned |
W32.HLLP.Shodi.B [Symantec-2004-042012-2931-99] (2004.04.20) - a virus that prepends itself to the files that have a .exe extension. |
6363 |
udp |
ndn |
not scanned |
IANA registered for: Named Data Networking |
6379 |
tcp |
redis |
not scanned |
An advanced key-value cache and store
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
References: [CVE-2022-20821]
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It has been discovered that an unprivileged pod in a different namespace on the same cluster could connect to the Redis server on port 6379. Despite having installed the latest version of the VPC CNI plugin on the EKS cluster, it requires manual enablement through configuration to enforce network policies. This raises concerns that many clients might unknowingly have open access to their Redis servers. This vulnerability could lead to Privilege Escalation to the level of cluster controller, or to information leakage, affecting anyone who does not have strict access controls on their Redis instance. This issue has been patched in version(s) 2.8.19, 2.9.15 and 2.10.10.
References: [CVE-2024-31989] |
6384 |
tcp |
worm |
Members scan |
W32.HLLW.Gaobot |
6385 |
tcp |
applications |
not scanned |
OpenStack Ironic main API port |
6387 |
tcp,udp |
applications |
not scanned |
Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.
References: [BID-2701], [CVE-2001-0581], [XFDB-6509] |
6388 |
tcp,udp |
applications |
not scanned |
Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the `IRONIC_REVERSE_PROXY_SETUP` variable set to `true`, 1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself and 2) Ironic listens in host network on a private port 6388 on localhost by default. As a result, when the reverse proxy mode is used, any Pod or local Unix user on the control plane Node can access the Ironic API on the private port without authentication. A similar problem affects Ironic Inspector (`INSPECTOR_REVERSE_PROXY_SETUP` set to `true`), although the attack potential is smaller there. This issue affects operators deploying ironic-image in the reverse proxy mode, which is the recommended mode when TLS is used (also recommended), with the `IRONIC_PRIVATE_PORT` variable unset or set to a numeric value. In this case, an attacker with enough privileges to launch a pod on the control plane with host networking can access the Ironic API and use it to modify bare-metal machines, e.g. provision them with a new image or change their BIOS settings. This vulnerability is fixed in 24.1.1.
References: [CVE-2024-31463] |
6389 |
tcp,udp |
clariion-evr01 |
not scanned |
IANA registered for: clariion-evr01 |
6394 |
tcp |
worm |
Members scan |
W32.Spybot |
6400 |
tcp,udp |
boe-cms |
Premium scan |
Business Objects CMS contact port, info-aps, Seagate Crystal Reports
Trojans using this port: APStrojan (TCP), The Thing |
6401 |
tcp,udp |
boe-was |
not scanned |
Seagate Crystal Enterprise, boe-was, info-was |
6402 |
tcp,udp |
boe-eventsrv |
not scanned |
boe-eventsrv, info-eventsvr |
6403 |
tcp,udp |
boe-cachesvr |
not scanned |
boe-cachesvr, boe-cachesvr |
6404 |
tcp,udp |
boe-filesvr |
not scanned |
Business Objects Enterprise internal server, info-filesvr |
6405 |
tcp,udp |
boe-pagesvr |
not scanned |
Business Objects Enterprise internal server, info-pagesvr |
6406 |
tcp,udp |
boe-processsvr |
not scanned |
Business Objects Enterprise internal server, info-processvr |
6418 |
tcp |
syserverremote |
not scanned |
SYserver remote commands |
6419 |
tcp |
svdrp |
not scanned |
Simple VDR Protocol |
6430 |
tcp |
trojans |
Premium scan |
Backdoor.Mirab [Symantec-2002-062114-0920-99] (2002.06.21) - remote access trojan. Affects all current Windows versions. It uses port 4912 for direct control and port 6430 for file transfer by default. |
6432 |
tcp |
pgbouncer |
not scanned |
IANA registered for: PgBouncer - A connection pooler for PostgreSQL |
6436 |
tcp,udp |
applications |
not scanned |
LimeWire Client, Gnutella, PhatBox |
6440 |
tcp |
heliosd |
not scanned |
IANA registered for: heliosd daemon |
6443 |
tcp,udp |
sun-sr-https |
not scanned |
Kubernetes API server (TCP)
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from v1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.
References: [CVE-2023-32187]
An Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
References: [CVE-2023-32186]
Service Registry Default HTTPS Domain (IANA official) |
6444 |
tcp,udp |
sge_qmaster |
not scanned |
Sun Grid Engine - Qmaster Service |
6445 |
tcp,udp |
sge_execd |
not scanned |
Sun Grid Engine - Execution Service, S4 League |
6446 |
tcp,udp |
mysql-proxy |
not scanned |
MySQL Proxy |
6454 |
udp |
applications |
not scanned |
Art-Net protocol |
6463 |
tcp |
discord |
not scanned |
Discord Rich Presence RPC server port - https://discordapp.com/developers/docs/topics/rpc |
6464 |
tcp,udp |
ieee11073-20701 |
not scanned |
IANA registered for: Port assignment for medical device communication in accordance to IEEE 11073-20701 |
6475 |
tcp |
beebeep |
not scanned |
BeeBEEP - an open source, peer to peer, LAN chat messenger uses ports 6475/tcp (chat), 6476/tcp (file transfers) and 36475/udp. |
6476 |
tcp |
beebeep |
not scanned |
BeeBEEP - an open source, peer to peer, LAN chat messenger uses ports 6475/tcp (chat), 6476/tcp (file transfers) and 36475/udp. |
6489 |
tcp |
plesk |
not scanned |
Plesk migration agent (Windows only) uses port 6489/tcp |
6498 |
tcp,udp |
applications |
not scanned |
Netscape Conference H.323 HostCall |
6500 |
tcp |
games |
Premium scan |
GameSpy Arcade - query port
Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
References: [CVE-2001-1163] [BID-2885]
Trojans using this port: Devil 1.03 (TCP)
BoKS Master (TCP/UDP) (IANA official) |
6500 |
udp |
games |
not scanned |
Dawn of War - Warhammer 40k, Command & Conquer: Red Alert 3 |
6501 |
tcp,udp |
boks_servc |
not scanned |
BoKS Servc
Strat-O-Matic Baseball, Strat-O-Matic Basketball, Strat-O-Matic Football, Strat-O-Matic Hockey |
6502 |
tcp,udp |
boks_servm |
not scanned |
BoKS Servm, NetOp Remote Control (by Danware Data A/S), Netscape Conference H.323 HostCall
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
References: [CVE-2006-6076], [BID-21221]
IANA registered for: Netop Business Solutions - NetOp Remote Control. |
6503 |
tcp,udp |
boks_clntd |
not scanned |
BoKS Clntd
Multiple Computer Associates products are vulnerable to a heap and stack-based buffer overflow, caused by improper bounds checking within the Message Engine RPC service (msgeng.exe). By sending a specially-crafted request to TCP port 6503, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
References: [CVE-2006-5143] [BID-20365] [SECUNIA-22285]
Netop Business Solutions - NetOp School (IANA official) |
6505 |
tcp,udp |
badm_priv |
not scanned |
BoKS Admin Private Port |
6506 |
tcp,udp |
badm_pub |
not scanned |
BoKS Admin Public Port |
6507 |
tcp,udp |
bdir_priv |
not scanned |
BoKS Dir Server, Private Port |
6508 |
tcp,udp |
bdir_pub |
not scanned |
BoKS Dir Server, Public Port |
6511 |
udp |
dccp-udp |
not scanned |
Datagram Congestion Control Protocol Encapsulation for NAT Traversal [IESG] (IANA official) [RFC 6773] |
6513 |
tcp |
netconf-tls |
not scanned |
NETCONF over TLS [RFC 5539] (IANA official) |
6514 |
tcp |
syslog-tls |
not scanned |
Syslog over TLS [RFC 5425] (IANA official) |
6514 |
udp |
syslog-tls |
not scanned |
Syslog over DTLS [RFC 6012] (IANA official) |
6515 |
udp |
games |
not scanned |
GameSpy Arcade - Dplay UDP game data, Command & Conquer: Red Alert 3, Heroes of Might and Magic IV
Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901
IANA registered for: Elipse RPC Protocol (TCP/UDP) |