Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 12080 |
tcp |
applications |
Members scan |
Port used by WebShield, Dwyco Video Conferencing, NetworkServer, Delta Three PC to Phone.
Trojan Troj/Agent-E, Win32.Disprox.A also use this port. |
| 12083 |
tcp |
applications |
not scanned |
Delta Three PC to Phone |
| 12088 |
tcp,udp |
applications |
not scanned |
Revo DVRNS |
| 12099 |
tcp |
games |
not scanned |
Phantasy Star Universe |
| 12120 |
udp |
applications |
not scanned |
Delta Three PC to Phone |
| 12121 |
tcp |
trojans |
Premium scan |
Backdoor.Balkart [Symantec-2004-090212-3607-99] (2004.09.02) - a backdoor trojan horse that can act as a HTTP proxy or FTP server
Port is also IANA registered for NuPaper Session Service |
| 12122 |
udp |
applications |
not scanned |
Delta Three PC to Phone |
| 12122 |
tcp |
trojans |
Members scan |
Hellz Addiction, also known as Backdoor.Hellza.110, Backdoor.Hellza.115, and Backdoor.Hellza.120, is a backdoor Trojan affecting Microsoft Windows operating systems.
The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 12122, to allow the client system to connect. Hellz Addiction could allow a remote attacker to gain unauthorized access to the system.
References: [XFDB-15163]
Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution - the malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the backdoor.
References: [MVID-2022-0641] |
| 12168 |
tcp,udp |
cawas |
not scanned |
Computer Associates eTrust AntiVirus Server contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code, or create a denial of service condition. eTrust AntiVirus Server installs a service called inoweb that listens on port 12168/tcp.
References: [CVE-2007-2522], [OSVDB-34585], [BID- 23906]
IANA registered for: CA Web Access Service |
| 12174 |
tcp |
applications |
not scanned |
Multiple Symantec Alert Management System 2 (AMS2) components could allow a remote attacker to execute arbitrary commands on the system, caused by an error in the Intel LANDesk Common Base Agent (CBA). By sending a specially-crafted packet to TCP port 12174, a remote attacker could pass packet content as an argument to the CreateProcessA() function and execute arbitrary commands on the system with SYSTEM level privileges.
References: [CVE-2009-1429], [BID-34671] |
| 12200 |
tcp |
applications |
not scanned |
GNucDNA, Tenebril GhostSurf |
| 12201 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Monitoring Port
Graylog Extended Log Format (GELF) also uses this port (TCP/UDP) |
| 12202 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Alternate Game Port (Opt. w/net port) |
| 12203 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Default Server Port |
| 12210 |
udp |
games |
not scanned |
Medal of Honor: Allied Assault |
| 12221 |
tcp |
applications |
not scanned |
ABB MicroSCADA could allow a remote attacker to execute arbitrary code on the system, caused by an error in bounds checking on user supplied data to wserver.exe. By sending a specially crafted request to TCP port 12221, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
References: [XFDB-89342], [EDB-30009] |
| 12222 |
udp |
games |
not scanned |
Act of War: Direct Action (Atari), a.k.a AOWDA, developer: Eugen Systems
Light Weight Access Point Protocol (LWAPP) LWAPP data (RFC 5412) |
| 12223 |
tcp |
trojan |
not scanned |
Hack'99 KeyLogger |
| 12223 |
udp |
applications |
not scanned |
Light Weight Access Point Protocol (LWAPP) LWAPP control (RFC 5412) |
| 12289 |
udp |
plc |
not scanned |
YOKOGAWA FA-M3 PLC industrical computer uses UDP ports 12289,12291. |
| 12291 |
udp |
plc |
not scanned |
YOKOGAWA FA-M3 PLC industrical computer uses UDP ports 12289,12291. |
| 12299 |
tcp |
applications |
not scanned |
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.
References: [CVE-2012-0230] |
| 12300 |
udp |
games |
not scanned |
Medal of Honor: Allied Asasult Master UDP Query Port |
| 12302 |
tcp |
rads |
not scanned |
Remote Administration Daemon (RAD) is a system service that offers secure, remote, programmatic access to Solaris system configuration and run-time state [Oracle] (IANA official) |
| 12307 |
udp |
applications |
not scanned |
Makerbot UDP Broadcast (client to printer) |
| 12308 |
udp |
applications |
not scanned |
Makerbot UDP Broadcast (printer to client) (JSON-RPC) |
| 12310 |
tcp |
trojan |
Premium scan |
PreCursor trojan |
| 12321 |
tcp,udp |
trojan |
not scanned |
Protoss trojan |
| 12345 |
tcp |
NetBus |
Members scan |
Because of the common sequence of numbers "1 2 3 4 5" this port is commonly chosen when configuring programs, or as default port number.
Cubeworld Server uses port 12345 (TCP/UDP)
opendkim default port (may also use ports 8891,54321)
Tailscale (WireGuard-based open source app for secure private networks) uses port 12345
Some trojan horses/backdoors use this port: Ashley, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus Trojan, Pie Bill Gates, Whack Job, X-bill, ValvNet, TMListen, cron/crontab, Adoresshd.
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551.
The Trend Micro OfficeScan uses port 12345. Client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
References: [CVE-2000-0204] [BID-1013]
iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the "cube" and it will stop responding.
References: [CVE-2017-7730]
Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and access sensitive information from the device.
References: [CVE-2018-16224]
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 12346 |
tcp |
NetBus |
Members scan |
Because of the common sequence of numbers "1 2 3 4 5" port 12346 is also commonly chosen when configuring programs, or as default port number. It is also used by some malware.
Rhapsody music service (Android) uses port 12346/tcp
NetBus trojan
Some other trojans/backdoors that use this port: Ashley, Fat Bitch trojan, GabanBus, icmp_client.c, icmp_pipe.c, Mypic, NetBus, Pie Bill Gates, Whack Job, X-bill
Backdoor.Wasil [Symantec-2002-090617-0925-99] (2002.09.06) - a backdoor trojan that gives an attacker unauthorized access to an infected computer. By default it opens ports 12346 on the compromised computer.
|
| 12346 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12347 |
tcp |
trojans |
Premium scan |
W32.Mytob.FP@mm [Symantec-2005-062017-2756-99] - mass-mailing worm that opens backdoors on ports 10087/tcp and 12347/tcp. |
| 12348 |
tcp |
BioNet |
Members scan |
GCI BioNet trojan
Backdoor.Win32.Bionet.10 / Authentication Bypass RCE - the malware listens on TCP port 12348. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2021-0414] |
| 12349 |
tcp |
trojans |
Members scan |
Trojans that use this port: GCI BioNet, The Saint, Webhead |
| 12350 |
tcp |
skype |
Members scan |
Port used by Skype VoIP |
| 12356 |
tcp |
malware |
not scanned |
Backdoor.Win32.Surila.j / Port Bounce Scan - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. The malware has an FTP component that accepts any username/password credentials. Third-party attackers who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2021-0288]
Backdoor.Win32.Surila.j / Authentication Bypass - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. Third-party attackers who can reach infected systems can logon using any username/password combination.
References: [MVID-2021-0289]
Backdoor.Win32.Surila.j / Remote Denial of Service - the malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050. Third-party attackers who can reach infected systems can logon using any username/password combination. Supplying a long string of characters for the FTP PORT command argument results in access violation and crash.
References: [MVID-2021-0290] |
| 12361 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12362 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12363 |
tcp |
trojan |
Premium scan |
Whack-a-mole trojan |
| 12389 |
tcp |
trojan |
Premium scan |
KheSanh trojan |
| 12397 |
tcp |
applications |
not scanned |
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP ports 12397 or 12399.
References: [CVE-2011-4537], [BID-51157]
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
References: [CVE-2011-1566] [BID-46936] [SECUNIA-43849]
Stack-based buffer overflow in Schneider Electric Interactive Graphical SCADA System (IGSS) 10 and earlier allows remote attackers to execute arbitrary code by sending TCP port-12397 data that does not comply with a protocol.
References: [CVE-2013-0657] |
| 12399 |
tcp |
applications |
not scanned |
Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP ports 12397 or 12399.
References: [CVE-2011-4537], [BID-51157] |
| 12401 |
tcp |
applications |
not scanned |
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
References: [CVE-2011-4050] [BID-51146]
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
References: [CVE-2012-0231]
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
References: [CVE-2011-1567] [BID-46936] [SECUNIA-43849]
WellinTech KingSCADA is vulnerable to a stack-based buffer overflow, caused by an integer overflow in kxNetDispose.dll. By sending a specially-crafted packet to TCP port 12401, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [CVE-2014-0787], [XFDB-92641] |
| 12446 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12456 |
tcp |
trojan |
Premium scan |
NetBus trojan |
| 12478 |
tcp |
trojan |
Premium scan |
Bionet trojan |
| 12489 |
tcp |
applications |
not scanned |
NSClient/NSClient++/NC_Net (Nagios) |
| 12546 |
udp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12546 |
tcp |
carb-repl-ctrl |
not scanned |
Carbonite Server Replication Control (IANA official) |
| 12623 |
udp |
trojan |
not scanned |
ButtMan, DUN Control trojans |
| 12624 |
tcp |
trojans |
Premium scan |
Backdoor.Tubma [Symantec-2002-060417-3543-99] (2002.06.05) - a remote access trojan which allows a hacker to manipulate the host computer.
Power, Buttman trojans also use this port. |
| 12625 |
tcp |
trojan |
Premium scan |
Buttman trojan |
| 12631 |
tcp |
trojan |
Premium scan |
WhackJob, WhackJob.NB1.7 trojan |
| 12646 |
udp |
cisco |
not scanned |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
ports 12346, 12446, 12546, 12646 (UDP, if DTLS)
ports: 23456, 23556, 23656, 23756 (TCP, if DTLS) |
| 12684 |
tcp |
trojan |
Premium scan |
Power trojan |
| 12701 |
tcp |
Octopi |
Premium scan |
Octopi software-manager (Manjaro Linux, Garuda Linux, etc.) uses port 12701
[trojan] Eclipse 2000 |
| 12754 |
tcp |
trojan |
Premium scan |
Mstream trojan |
| 12865 |
tcp |
netperf |
not scanned |
IANA registered for: control port for the netperf benchmark |
| 12888 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 12889 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 12904 |
tcp |
trojans |
Premium scan |
Akropolis, Rocks trojans |
| 12973 |
tcp |
trojan |
Premium scan |
QR keylogger/remote access |
| 12975 |
tcp |
trojan |
Premium scan |
QR keylogger/remote access
LogMeIn Hamachi (VPN tunnel software; also port 32976)—used to connect to Mediation Server (bibi.hamachi.cc); will attempt to use SSL (TCP port 443) if both 12975 & 32976 fail to connect |
| 12998 |
udp |
applications |
not scanned |
IANA registered for: Takenaka RDI Mirror World on SecondLife |
| 12999 |
udp |
applications |
not scanned |
IANA registered for: Takenaka RDI Mirror World on SecondLife
Wizard 101 uses ports 12000-12999 (TCP/UDP) |
| 13000 |
tcp,udp |
klnagent |
Premium scan |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
Linden Lab viewer to sim on SecondLife (UDP)
Unreal Tournament 3 (TCP)
Senna Spy trojan (TCP) |
| 13001 |
tcp |
applications |
not scanned |
ForeScout CounterACT - an automated security control platform that lets you see, monitor, and control everything on your network: all devices, all operating systems, all applications, all users. |
| 13005 |
udp |
applications |
not scanned |
Settlers 7 game ports: 13005, 13200 TCP and 3544, 9103, 13005, 21000-29999 UDP |
| 13008 |
tcp,udp |
applications |
not scanned |
IANA registered for: Cross Fire, a multiplayer online First Person Shooter |
| 13010 |
tcp |
trojans |
Premium scan |
BitchController, Hacker Brazil trojans |
| 13013 |
tcp |
trojan |
Premium scan |
Backdoor.Psychward [Symantec-2001-052208-1840-99]
Trojan-Dropper.Win32.Juntador.a / Weak Hardcoded Password - the malware listens on TCP ports 7826 and 13013 and drops executables under the Windows dir. Authentication is required for remote user access. However, the password "sexjerx sexjerx" is weak and hardcoded in plaintext within the executable.
References: [MVID-2021-0259]
Backdoor.Win32.IRCBot.gen / Weak Hardcoded Password - the malware listens on TCP port 13013. Authentication is required for remote user access. However, the password "slimanus" is weak and hardcoded in plaintext within the executable.
References: [MVID-2021-0295] |
| 13014 |
tcp |
trojan |
Premium scan |
Backdoor.Psychward [Symantec-2001-052208-1840-99]
Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials - the malware listens on TCP port 13014. Authentication is required, however the credentials "evilgoat / penix" are weak and found within the PE file.
References: [MVID-2022-0619] |
| 13028 |
tcp |
trojan |
Premium scan |
Back streets trojan |
| 13075 |
tcp |
applications |
not scanned |
Default for BMC Software Control-M/Enterprise Manager Corba communication, though often changed during installation |
| 13079 |
tcp |
trojan |
Premium scan |
Kryptonic Ghost Command Pro trojan |
| 13080 |
tcp,udp |
dogtag |
not scanned |
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dograg Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports (tps) 7888 and 7889 (tps secure) |
| 13100 |
tcp |
ghidra |
not scanned |
Ghidra server default port - open source reverse engineering suite of tools developed by the NSA. It may also open 9010 TCP (optional jvisualvm dcom sun management jmxremote port) and 18200 TCP (optional java debug port). |
| 13111 |
tcp |
ksnproxy |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13131 |
tcp |
qnap |
not scanned |
QNAP NAS uses the following ports:
Web server: 80,8081 TCP and 443,8080 TCP (web admin)
FTP/SFTP/SSH: 20,21,22 TCP and 13131 TCP (telnet)
Remote Replication: 873,8899 TCP
VPN server: 1723 TCP (PPTP), 1194 UDP (OpenVPN)
CloudLink: port 20001 UDP (optional, only required for access without manual port forwarding)
|
| 13137 |
tcp |
malware |
not scanned |
Backdoor.Win32.Surila.j / Port Bounce Scan - The malware listens on random TCP high port numbers typically
starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. The malware has an FTP component that accepts any username/password credentials. Third-party attackers who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2021-0288]
Backdoor.Win32.Surila.j / Authentication Bypass - The malware listens on random TCP high port numbers typically starting with "1" E.g. 12356, 14985, 13850, 19050, 13137. Third-party attackers who can reach infected systems can logon using any username/password combination.
References: [MVID-2021-0289] |
| 13139 |
udp |
games |
not scanned |
GameSpy Arcade - Custom UDP Pings, Worms 4 Mayhem
Armies of Exigo also uses this port.
Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901 |
| 13173 |
tcp |
trojans |
Premium scan |
Backdoor.Amitis.B [Symantec-2003-051915-1012-99] (2003.05.19) Windows remote access trojan. Listens on ports 3547, 7823, 12345, 13173, 44280, 44390, 47387, 64429. Other variants of Backdoor.Amitis also use ports 27, 551. |
| 13195 |
tcp,udp |
applications |
not scanned |
Ontolux 2D |
| 13200 |
tcp |
applications |
not scanned |
Settlers 7 |
| 13223 |
tcp |
trojan |
Premium scan |
Hackґ99 KeyLogger trojan
PowWow Client also uses this port (TCP/UDP). |
| 13224 |
tcp,udp |
powwow-server |
not scanned |
PowWow |
| 13291 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13292 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13294 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13295 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13298 |
tcp,udp |
trojans |
not scanned |
Backdoor.Theef.C [Symantec-2002-120917-1049-99] (2002.12.09) - a backdoor trojan that gives an attacker unauthorized access to an infected computer. By default it opens and listens on port 13298. |
| 13299 |
tcp |
klserver |
not scanned |
Kaspersky Security Center uses these ports:
8060, 8061 TCP, 15000, 15001 UDP - installation and update packages
8080 TCP - web console
13000 TCP/UDP - server port
13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server
13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
|
| 13333 |
tcp,udp |
applications |
not scanned |
ValiCert Enterprise Validation Authority (EVA) is vulnerable to several buffer overflows in the forms.exe CGI script that is used by remote users to access the EVA Administration Server. By sending a specially-crafted HTTP POST request to the Administration Server on port 13333, a remote attacker can overflow a buffer and execute arbitrary code on the system with system level privileges.
References: [CVE-2001-0949], [XFDB-7652] |
| 13337 |
tcp,udp |
applications |
not scanned |
EtherNet peer-to-peer networking |
| 13364 |
tcp,udp |
applications |
not scanned |
Edimax IC-3030iWn is prone to an information-disclosure vulnerability.
References: [BID_54006], [EDB-37405] |
| 13370 |
tcp |
trojan |
Premium scan |
SpArTa trojan |
| 13371 |
tcp |
trojan |
Premium scan |
Optix Pro trojan |
| 13392 |
tcp,udp |
skype |
not scanned |
Port sometimes used by Skype VoIP |
| 13400 |
tcp |
doip-data |
not scanned |
IANA registered for: DoIP Data |
| 13400 |
udp |
doip-disc |
not scanned |
IANA registered for: DoIP Discovery |
Vulnerabilities listed: 100 (some use multiple ports)
|
