Shortcuts

Vulnerable Ports

This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats. We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please . Any feedback and suggestions can also be posted to our Security forum.

1 |....| 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |....| 55

Port(s)	Protocol	Service	Scan level	Description
15064	tcp	apps	not scanned	LogMeIn may use port 15064/tcp Dameware (dwrcs.exe) may use this port Ring Doorbell uses TCP ports 80, 443, 5228, 15064. In addition, it may use a random UDP port, and outbound TCP ports 7078, 9078, 9998, 9999, 15063
15077	tcp,udp	applications	not scanned	The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. References: [BID-5703], [CVE-2002-1501], [XFDB-10096]
15078	tcp,udp	applications	not scanned	The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. References: [BID-5703], [CVE-2002-1501], [XFDB-10096]
15092	tcp	trojan	not scanned	Host Control trojan
15101	tcp	games	not scanned	Tribes 2, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3, Arcanum, PGA Championship Golf 2000
15104	tcp	trojan	not scanned	Mstream trojan Tribes 2 also uses this port.
15111	udp	ksnproxy	not scanned	Kaspersky Security Center uses these ports: 8060, 8061 TCP, 15000, 15001 UDP - installation and update packages 8080 TCP - web console 13000 TCP/UDP - server port 13111, 17000, 17100 TCP, 15111 UDP - KSN proxy server 13291, 13292, 13294, 13295, 13299, 14000, 19170 TCP - client device management
15118	tcp	trojans	Premium scan	Dipnet (a.k.a. Oddbob) trojan. Exploits the Windows port 445 vulnerability (MS Security Bulletin [MS04-011]). Uses tcp ports 11768 and 15118.
15118	udp	v2g-secc	not scanned	IANA registered for: v2g Supply Equipment Communication Controller Discovery Protocol
15152	tcp	applications	not scanned	Exteel
15200	tcp	games	not scanned	Nascar 3, Emperor: Rise of the Middle Kingdom, Ground Control, Hoyle Online, Swat 3
15204	tcp	games	not scanned	Tribes 2, Arcanum
15206	tcp	trojan	Premium scan	KiLo [Symantec-2003-021319-1815-99] trojan Tribes 2 also uses this port. Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service. References: [MVID-2022-0546]
15207	tcp	trojan	Premium scan	KiLo trojan [Symantec-2003-021319-1815-99] Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service. References: [MVID-2022-0546]
15210	udp	trojan	not scanned	UDP remote shell backdoor server
15213	tcp,udp	games	not scanned	Original War
15252	tcp,udp	routers	not scanned	Port 15252/UDP used by MikroTik routers IP Cloud
15300	tcp	games	not scanned	Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum
15345	tcp,udp	xpilot	not scanned	IANA registered for: XPilot Contact
15348	tcp	trojans	not scanned	Backdoor.Bionet.404 [Symantec-2003-110416-1452-99] (2003.11.04) - a backdoor program that permits a remote attacker access on TCP port 15348.
15367	tcp,udp	games	not scanned	Aleph One, developer: Bungie Software
15382	tcp	trojan	Premium scan	SubZero trojan
15400	udp	games	not scanned	Homeworld
15401	udp	games	not scanned	Homeworld
15425	tcp,udp	trojan	Premium scan	Backdoor.Rohimafo [Symantec-2010-041308-3301-99] (2010.04.13) - a trojan horse that opens a back door and steals information from the compromised computer. It creates a proxy server on TCP port 15425. IRLP - Internet Radio Linking Project (uses port 1545 tcp/udp)
15432	tcp	trojans	Premium scan	Backdoor.Cyn [Symantec-2002-083012-4557-99] (2002.08) - remote access trojan, affects all current Windows versions, listens on ports 15432 and 51234.
15441	tcp,udp	applications	not scanned	ZeroNet fileserver
15485	tcp	trojan	Premium scan	KiLo trojan [Symantec-2003-021319-1815-99]
15486	tcp,udp	trojan	not scanned	KiLo trojan [Symantec-2003-021319-1815-99]
15500	tcp	trojan	Premium scan	In Route to the Hell trojan Nascar 3, Hoyle Online also use this port.
15512	tcp	trojan	Premium scan	Iani trojan
15551	tcp	trojan	Premium scan	In Route to the Hell trojan
15553	tcp	trojans	not scanned	Backdoor.Dewin [Symantec-2002-061211-5916-99] (2002.06.12) - allows a hacker to gain access to and remotely control an infected computer. The Trojan program is written in Microsoft Visual C++ and is compressed with PECompact.
15555	tcp	trojan	Premium scan	ICMIBC trojan
15556	tcp,udp	applications	not scanned	Jeex.EU Artesia (direct client-to-db.service)
15567	udp	applications	not scanned	Battlefield Vietnam server port
15668	udp	games	not scanned	Heroes of Might and Magic III, developer: New World Computing
15670	tcp	stomp	not scanned	Port sometimes used by STOMP (Simple/Streaming Text Oriented Messaging Protocol, a web version of AMQP, or MQTT).
15672	tcp,udp	applications	not scanned	360 Share, developer: 360share RabbitMQ management plugin uses this port
15674	tcp	stomp	not scanned	STOMP (Simple/Streaming Text Oriented Messaging Protocol) standard port. STOMP is a web version of AMQP or MQTT
15690	udp	applications	not scanned	ASE Port, Battlefield Vietnam
15695	tcp	trojan	Premium scan	Kryptonic Ghost Command Pro trojan
15800	tcp	games	not scanned	Tribes 2, Emperor: Rise of the Middle Kingdom, Swat 3, Arcanum
15802	tcp	games	not scanned	Throne of Darkness
15845	udp	trojan	not scanned	KiLo trojan [Symantec-2003-021319-1815-99]
15852	tcp	trojan	Premium scan	Kryptonic Ghost Command Pro trojan
15855	tcp	trojans	not scanned	Trojan.Looksky [Symantec-2006-060512-1520-99] (2006.06.05) - a trojan horse that opens a back door and downloads files onto the compromised computer. The trojan also contains rootkit functionality.
15858	tcp	trojans	Premium scan	CDK trojan (ports 79, 15858)
15963	tcp,udp	applications	not scanned	Turkojan
15998	udp	2ping	not scanned	IANA registered for: 2ping Bi-Directional Ping Service
15999	tcp	programmar	not scanned	IANA registered for: ProGrammar Enterprise.
16000	tcp,udp	applications	not scanned	Motorhead Server, shroudBNC Oracle WebCenter Content: Imaging (formerly known as Oracle Universal Content Management) (TCP). Port though often changed during installation. Administration Server Access (IANA official)
16001	tcp	fmsascon	not scanned	IANA registered for: Administration Server Connector.
16002	tcp	gsms	not scanned	IANA registered for: GoodSync Mediation Service
16003	udp	alfin	not scanned	IANA registered for: Automation and Control by REGULACE.ORG
16010	tcp,udp	applications	not scanned	Motorhead Server uses ports 16010-16030
16020	tcp	jwpc	not scanned	Filemaker Java Web Publishing Core
16021	tcp	jwpc-bin	not scanned	Filemaker Java Web Publishing Core Binary
16030	tcp,udp	applications	not scanned	Motorhead Server uses ports 16010-16030
16057	tcp	trojan	Premium scan	MoonPie trojan
16080	tcp	applications	not scanned	Mac OS X Server Web (HTTP) service with performance cache
16102	tcp	applications	not scanned	Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp) References: [CVE-2011-5124]
16162	tcp	solaris-audit	not scanned	Solaris Audit - secure remote audit log
16200	tcp	applications	not scanned	Oracle Universal Content Management Content Server The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connections to ports 16200 and 22794, aka Bug ID CSCsy17662. References: [CVE-2009-2874], [BID-36675]
16250	udp	applications	not scanned	Ghost Recon Advanced Warfighter is vulnerable to a denial of service, caused by a signedness error. By sending specially-crafted packets to UDP port 16250, a remote attacker could exploit this vulnerability to cause the application to crash. References: [XFDB-60153], [BID-41459], [SECUNIA-40465]
16250	tcp	applications	not scanned	Oracle Universal Content Management Inbound Refinery
16261	tcp,udp	applications	not scanned	Project Zomboid multiplayer. Additional sequential ports used for each player connecting to server
16286	tcp,udp	applications	not scanned	The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. References: [CVE-2001-1057], [BID-3120]
16322	tcp	trojans	Premium scan	Backdoor.Lastdoor [Symantec-2002-090517-3251-99] (2002.09.04) - remote access trojan. Affects all current Windows versions.
16379	tcp	applications	not scanned	Redis Cluster bus
16384	udp	connected	not scanned	Apple iChat AV (Audio RTP, RTCP; Video RTP, RTCP) uses ports 16384-16403 Verizon VoiceWing uses ports 16384-16392 (TCP/UDP) Iron Mountain Digital online backup Connected Corp (TCP/UDP) (IANA official)
16385	udp	applications	not scanned	Apple FaceTime, Apple Game Center (RTP/RTCP)
16385	tcp	rdgs	not scanned	Reliable Datagram Sockets (IANA official)
16386	udp	applications	not scanned	Apple FaceTime, Apple Game Center (RTP/RTCP)
16387	udp	applications	not scanned	Apple Game Center (RTP/RTCP)
16389	tcp	applications	not scanned	A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. References: [CVE-2017-9938], [BID-99539], [XFDB-128367]
16392	tcp,udp	applications	not scanned	Verizon VoiceWing uses ports 16384-16392
16393	udp	applications	not scanned	Apple FaceTime (RTP/RTCP) uses ports 16393-16402
16402	udp	applications	not scanned	Apple FaceTime (RTP/RTCP) uses ports 16393-16402
16403	udp	applications	not scanned	Apple Game Center (RTP/RTCP) uses ports 16403-16472
16420	udp	applications	not scanned	Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) Apple Game Center also uses this port
16464	tcp	trojan	Premium scan	ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292
16465	tcp	trojan	not scanned	ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292
16470	tcp	zeroaccess	Premium scan	ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292
16471	tcp	trojan	Premium scan	ZeroAccess/Sirefef trojan rootkit. One botnet uses ports 16464 and 16465 for the 32-bit and 64-bit versions of one botnet; the other botnet uses ports 16470 and 16471. Other variants may also use these ports: 13620, 21315, 21810, 22292
16484	tcp	trojan	not scanned	Mosucker trojan
16499	udp	games	not scanned	Star Trek Armada II
16514	tcp,udp	trojan	not scanned	KiLo trojan [Symantec-2003-021319-1815-99]
16515	tcp,udp	trojan	not scanned	KiLo trojan [Symantec-2003-021319-1815-99]
16523	tcp	trojan	Premium scan	Back streets trojan
16567	udp	applications	not scanned	Default Battlefield 2 server port
16638	udp	games	not scanned	SWAT3 game
16639	tcp	games	not scanned	SWAT3 game
16660	tcp	trojan	not scanned	Stacheldraht (DDoS)
16661	tcp	trojans	Premium scan	Backdoor.Haxdoor.D [Symantec-2005-012411-2332-99] (2005.01.24) - backdoor trojan program. Also attempts to log key strokes and steal passwords. Listens on port 16661/tcp, opens two additional high random ports. Backdoor.Haxdoor.E [Symantec-2005-080212-3505-99] (2005.08.01) - trojan that opens a backdoor on the compromised computer, logs keystrokes, steals passwords and drops rootkits that run in safe mode. Opens a backdoor on one or more of the following ports: 7080/tcp, 8008/tcp, or 16661/tcp.
16666	udp	vtp	not scanned	Vidder Tunnel Protocol [Vidder Inc] (IANA official)
16699	tcp	games	not scanned	Stronghold 2
16712	tcp	trojan	Premium scan	KiLo trojan [Symantec-2003-021319-1815-99] Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram) - the malware listens on TCP ports 6712, 6713, 6714, 6715, 7722, 15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host can send a large payload to UDP port 6666 causing a disruption in service. References: [MVID-2022-0546]
16761	tcp	trojan	Premium scan	Kryptonic Ghost Command Pro trojan
16768-16771	tcp	spector	not scanned	ports 16768-16771 are used by SpectorSoft products to check for updates and exchange information with their servers, and for user remote access. Ports 16770/16771 are commonly open. Port 16770 - Primary Server / listen IP port Port 16771 - Web Filter Server Port 16768 - Control Center Server Port 16769 - Recorder Data Vault

Vulnerabilities listed: 100 (some use multiple ports)

1 |....| 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |....| 55