| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 17442 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17442 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17443 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17444 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server |
| 17449 |
tcp |
trojan |
Premium scan |
Kid Terror trojan |
| 17472 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477
|
| 17474 |
udp |
applications |
not scanned |
DMXControl 3 Network Discovery |
| 17475 |
tcp |
games |
not scanned |
Battlefield 2142
Test Drive Unlimited (TCP/UDP)
DMXControl 3 Network Broker |
| 17477 |
tcp |
vmware |
not scanned |
VMWare TrustPoint Security Platform uses the following ports:
17440/TCP, 443/TCP - console to server communication
17442/TCP - clients to server
17443/TCP - console and trace clients to trace server traffic
17444/TCP - trace clients to module server
17472/TCP - server to zone server, local client to client traffic
17477/TCP - server to module server
Tanium Server, Client and Appliance use these TCP ports: 80, 443, 8443, 17472, 17477 |
| 17478 |
udp |
games |
not scanned |
Delta Force - Land Warrior |
| 17490 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan |
| 17499 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan |
| 17500 |
tcp |
trojan |
Premium scan |
CrazzyNet trojan
Dropbox LanSync Protocol (db-lsp) also uses port 17500 (TCP/UDP). It is used to synchronize file catalogs between Dropbox clients on a local network. |
| 17502 |
tcp |
games |
not scanned |
Medal of Honor 2010 |
| 17503 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.dh / Unauthenticated Open Proxy - the malware listens on TCP port 17503. Third-party attackers
who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0364]
|
| 17555 |
tcp |
ailith |
not scanned |
Ailith management of routers (IANA official) |
| 17569 |
tcp |
trojans |
Premium scan |
Infector trojan, 04,1999. Affects Windows 9x (ICQ). Uses ports 146, 1208, 17569, 24000, 30000 |
| 17593 |
tcp |
trojan |
Premium scan |
AudioDoor trojan |
| 17677 |
udp |
games |
not scanned |
F1 Challenge 99-02, GTR FIA GT Racing Game |
| 17703 |
tcp,udp |
applications |
not scanned |
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703.
References: [CVE-2015-2763] |
| 17761 |
udp |
games |
not scanned |
Nascar 3 |
| 17771 |
udp |
applications |
not scanned |
Hamachi
Trojan.Mitglieder.F [Symantec-2004-040514-3126-99] (2004.04.05) - a variant of Trojan.Mitglieder. This trojan horse opens a proxy on the system, attempts to stop security software, and can update itself. |
| 17777 |
tcp |
solarwinds |
Premium scan |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
Malware that uses port 17777: Nephron trojan |
| 17778 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17779 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17781 |
tcp |
applications |
not scanned |
Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.
References: [CVE-2007-4241], [BID-25227] |
| 17790,17791 |
tcp |
solarwinds |
not scanned |
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 17940 |
tcp |
trojans |
Members scan |
W32.Imav.A [Symantec-2006-012610-4055-99] (2006.01.26) - a worm spreading through ICQ messages, may also arrive as a .zip attachment to emails. Disables security-related products and lowers security settings on the compromised computer. Connects to login.icq.com on port 17940/tcp, and sends out messages containing links to copies of the worm. |
| 17988 |
tcp |
hp |
Premium scan |
HP integrated Lights Out Management Feature uses this port.
Also used by HP iLO as Virtual Media port. |
| 17990 |
tcp |
applications |
not scanned |
Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990.
References: [CVE-2002-1029], [BID-5169], [EDB-21594] |
| 18000 |
tcp,udp |
games |
not scanned |
Battlefield 2142
Phala network default ports: 9944, 18000, 19944 |
| 18010 |
tcp |
applications |
not scanned |
Super Dancer Online Extreme(SDO-X)—CiB Net Station Malaysia Server |
| 18017 |
tcp |
wanduck |
Premium scan |
Wanduck http server process on some ASUS routers (wanduck.c, ASUS RT AC66U, AC68Um etc.) binds server on port 18017/tcp |
| 18060 |
tcp |
games |
not scanned |
Battlefield 2142
Spore, developer: Maxis |
| 18067 |
tcp |
trojans |
Basic scan |
Trojans/worms that exploit the Microsoft Plug and Play Buffer Overflow Vulnerability ([MS05-039]) commonly use this port to listen for remote commands via IRC.
Backdoor.Mousey [Symantec-2005-080510-2502-99] - a trojan that opens a backdoor on the compromised computer. It listens for remote commands via IRC on port 18067/tcp.
W32.Esbot.B - a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (MS Security Bulletin [MS05-039]). Opens a backdoor and listens for remote commands by connecting to IRC servers on port 18067/tcp (W32.Esbot.A [Symantec-2005-081610-2800-99] variant uses port 30722/tcp).
W32.Mocbot.A [Symantec-2005-102415-5716-99] - a worm with backdoor capabilities that exploits the MS Plug and Play Buffer Overflow Vulnerability ([MS05-039]). Opens a backdoor and listens for remote commands on port 18067/tcp. |
| 18070 |
tcp |
applications |
not scanned |
Timespliters Future Perfect |
| 18075 |
tcp,udp |
applications |
not scanned |
Timespliters Future Perfect |
| 18080 |
tcp |
puremessage |
not scanned |
Rainmachine smart sprinkler controllers use ports 80, 8080 and 18080.
Port also used by PureMessage Manager, MySQL Enterprise Dashboard, Monero P2P network communications |
| 18081 |
tcp,udp |
games |
not scanned |
Dragon Age: Origins
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
References: [CVE-2014-2976], [OSVDB-106149], [SECUNIA-58231], [XFDB-93753]
Monero incoming RPC calls also use this port (TCP) |
| 18082 |
tcp |
vipre |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445. |
| 18086 |
tcp |
vipre |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445. |
| 18090 |
tcp |
applications |
not scanned |
VIPRE Business Security uses the following TCP ports: 8123, 18082, 18086, 18090. It may also communicate through TCP ports 135, 139, 445.
FIFA Manager 10, developer: Bright Future GmbH |
| 18091 |
tcp |
applications |
not scanned |
An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server.
References: [CVE-2018-15728], [BID-105157]
|
| 18095 |
tcp,udp |
games |
not scanned |
FIFA Manager 10 |
| 18104 |
tcp |
radpdf |
not scanned |
RAD PDF Service |
| 18120 |
tcp |
games |
not scanned |
Battlefield 2142
Spore, developer: Maxis |
| 18136 |
tcp |
racf |
not scanned |
IANA registered for: z/OS Resource Access Control Facility |
| 18180 |
tcp |
applications |
not scanned |
DART Reporting server |
| 18200 |
tcp |
ghidra |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server
Ghidra - open source reverse engineering suite of tools developed by the NSA, uses the following ports: 13100 TCP - default server port, 9010 TCP - optional jvisualvm port (dcom sun management jmxremote), 18200 TCP - optional java debug port. |
| 18201 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18206 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18231 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18232 |
tcp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18233 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18234 |
udp |
checkpoint |
not scanned |
Check Point VPN-1 ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18242 |
tcp |
iclid |
not scanned |
Checkpoint router monitoring [Check Point Software] (IANA official) |
| 18243 |
tcp |
clusterxl |
not scanned |
Checkpoint router state backup [Check_Point_Software] (IANA official) |
| 18264 |
tcp |
applications |
not scanned |
Check Point VPN-1 R55, R65, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (a.k.a. ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264.
References: [CVE-2008-5849] [BID-32306]
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.
References: [CVE-2006-3885] [BID-19136] [SECUNIA-21200]
Check Point ports:
259 udp - MEP configuration
264 tcp - Topology download
500 tcp/udp - IKE
2746 udp - UDP Encapsulation.
18231 tcp - Policy Server logon, when the client is inside the network
18232 tcp - Distribution server when the client is inside the network
18233 udp - Keep-alive protocol when the client is inside the network
18234 udp - Performing tunnel test, when the client is inside the network
18264 tcp - ICA certificate registration |
| 18300 |
tcp,udp |
games |
not scanned |
Battlefield 2142
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18301 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18302 |
tcp,udp |
portmon |
not scanned |
Portmon- monitors and displays all serial and parallel port activity on a system. |
| 18306 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18308 |
udp |
games |
not scanned |
Scrabble Complete |
| 18321 |
tcp,udp |
games |
not scanned |
Medieval: Total War |
| 18332 |
tcp |
bitcoin |
not scanned |
Bitcoin JSON-RPC testnet server |
| 18333 |
tcp,udp |
bitcoin |
not scanned |
Bitcoin Testnet uses this port. See also port 8333. |
| 18354 |
tcp |
trojans |
Premium scan |
Backdoor.Heplane [Symantec-2005-050122-5053-99] (2005.05.01) - a trojan that allows a remote attacker to have unauthorized access to the compromised computer. It also acts as a proxy server. |
| 18390 |
tcp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18395 |
tcp,udp |
games |
not scanned |
Battlefield: Bad Company 2, developer: EA Digital Illusions CE |
| 18400 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18401 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18443 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS)
|
| 18444 |
tcp |
siemens |
Premium scan |
Siemens Openstage and Gigaset phones use the following ports:
389/tcp - LDAP
636/tcp - LDAPS
5010/tcp - RTP
5060/tcp - SIP gateway, backup proxy
8085/tcp - DLS
18443/TCP and 18444/TCP - provisioning over TLS (HTTPS) |
| 18505 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18506 |
tcp,udp |
games |
not scanned |
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
| 18507 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18508 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18510 |
tcp |
games |
not scanned |
Battlefield 2142 |
| 18510 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18512 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18515 |
udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18516 |
udp |
heythings |
not scanned |
IANA registered for: HeyThings Device communicate service |
| 18518 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18519 |
tcp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
References: [CVE-2022-29957] |
| 18550 |
tcp,udp |
applications |
not scanned |
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
References: [CVE-2022-29963] |
| 18605 |
tcp,udp |
applications |
not scanned |
X-BEAT—Status/Version Check |
| 18606 |
tcp,udp |
applications |
not scanned |
X-BEAT |
| 18624 |
tcp |
applications |
not scanned |
Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis."
References: [CVE-2009-1227] [BID-34286] |
| 18634 |
tcp,udp |
rds-ib |
not scanned |
Reliable Datagram Service |
| 18635 |
tcp,udp |
rds-ip |
not scanned |
Reliable Datagram Service over IP |
| 18667 |
tcp |
trojan |
Premium scan |
Knark trojan |
| 18668 |
tcp,udp |
vdmmesh |
not scanned |
IANA registered for: Manufacturing Execution Systems Mesh Communication |
| 18747 |
udp |
applications |
not scanned |
Citrix EdgeSight could allow a remote attacker to execute arbitrary code on the system, caused by an error in the LauncherService.exe component. By sending specially-crafted packets to TCP or UDP port 18747, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with SYSTEM-level privileges.
References: [XFDB-68148], [BID-48385] |
| 18753 |
udp |
trojan |
not scanned |
Shaft (DDoS) |
| 18881 |
tcp,udp |
applications |
not scanned |
This module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending an long character string in the password field, both the structured exception handler and the saved extended instruction pointer are over written, allowing an attacker to gain control of the application and the underlying operating system remotely. The administration website service runs with SYSTEM privileges, and automatically restarts when it crashes.
References: [OSVDB-67909]
Port is also IANA registered for Infotos |
| 18888 |
tcp,udp |
liquidaudio |
not scanned |
Port used by LiquidAudio servers. |
| 18923 |
tcp,udp |
jahia |
not scanned |
Jahia |
| 18961 |
tcp |
trojans |
Premium scan |
Backdoor.Haxdoor.B [Symantec-2004-052016-0128-99] (2004.05.20) - a backdoor trojan horse that opens a TCP port, allowing unauthorized access to an infected computer. |
| 18999 |
udp |
applications |
not scanned |
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.
References: [CVE-2018-0151], [BID-103540] |
| 19000 |
tcp |
games |
not scanned |
Silent Hunter IV: Wolves Of The Pacific, developer: UbiSoft Romania
Audition Online Dance Battle game uses these ports:
18200 tcp/udp: AsiaSoft Thailand Server - Status/Version Check
18201 tcp/udp: AsiaSoft Thailand Server
18206 tcp/udp: AsiaSoft Thailand Server - FAM Database
18300 tcp/udp: AsiaSoft SEA Server - Status/Version Check
18301 tcp/udp: AsiaSoft SEA Server
18306 tcp/udp: AsiaSoft SEA Server - FAM Database
18400 tcp/udp: KAIZEN Brazil Server - Status/Version Check
18401 tcp/udp: KAIZEN Brazil Server
18505 tcp/udp: Nexon Server - Status/Version Check
18506 tcp/udp: Nexon Server
19000 tcp/udp: G10/alaplaya Server - Status/Version Check
19001 tcp/udp: G10/alaplaya Server |
