| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 23000 |
tcp |
trojan |
Premium scan |
Storm worm |
| 23000 |
udp |
applications |
not scanned |
Gamespy Port (for Internet games), Battlefield Vietnam, Fly For Fun (TCP/UDP) |
| 23001 |
tcp |
trojan |
Premium scan |
Storm worm |
| 23005 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
| 23006 |
tcp |
trojans |
Premium scan |
Infinaeon, Oxon, W32.HLLW.Nettrash [Symantec-2004-011310-3331-99]
Backdoor.Platrash [Symantec-2002-101613-3415-99] (2002.10.16) - a trojan horse coded in Visual Basic 6 that can allow unauthorized access to an infected computer. By default, it opens TCP ports 23005 and 23006 to listen for a connection. |
| 23023 |
tcp |
trojan |
Premium scan |
Sometimes used as an alternate to the standard ssh port 23
Some TechniColor routers use this port for ssh using root/root as login
Logged trojan horse |
| 23032 |
tcp |
trojan |
Premium scan |
Amanda trojan |
| 23053 |
tcp |
gntp |
not scanned |
Generic Notification Transport Protocol [Growl Project] (IANA official) |
| 23073 |
tcp,udp |
games |
not scanned |
Soldat |
| 23083 |
tcp |
games |
not scanned |
Soldat |
| 23210 |
tcp,udp |
applications |
not scanned |
Gameday Payoff |
| 23213 |
tcp,udp |
applications |
not scanned |
PowWow VoIP IM chat program by Tribal Voice |
| 23214 |
tcp,udp |
applications |
not scanned |
PowWow by Tribal Voice |
| 23232 |
tcp |
trojan |
Premium scan |
Backdoor.Berbew.J trojan [Symantec-2004-082414-4142-99] - trojan that attempts to steal cached passwords and gather confidential user information by displaying fake windows. Opens a rootshell on port 23232/tcp and FTP server on port 32121/tcp. |
| 23272 |
udp |
s102 |
not scanned |
S102 application |
| 23294 |
tcp |
5afe-dir |
not scanned |
IANA registered for: 5AFE SDN Directory |
| 23294 |
udp |
5afe-disc |
not scanned |
IANA registered for: 5AFE SDN Directory discovery |
| 23321 |
tcp |
trojan |
Premium scan |
Konik trojan |
| 23399 |
tcp,udp |
applications |
not scanned |
Skype Default Protocol |
| 23401 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Alarm |
| 23402 |
tcp |
nvidia |
not scanned |
NvBackend.exe - nVidia GeForce Experience service may listen to ports 23401 and/or 23402 TCP.
IANA registered for: Novar Global |
| 23432 |
tcp |
trojans |
Premium scan |
Backdoor.Asylum (05.2000) - remote access trojan, uses ports 81, 2343, 23432 by default. |
| 23435 |
tcp |
trojan |
Premium scan |
Backdoor.Frango [Symantec-2003-101816-5050-99] - a backdoor trojan horse that gives an attacker unauthorized access to a computer. Backdoor.Frango is packed by FSG. It notifies the attacker by ICQ and CGI requests and listens on port 23435 by default.
Trojan.Framar [Symantec-2003-120314-1133-99]
Backdoor.Volac [Symantec-2003-121108-2958-99] - a backdoor trojan horse server that allows unauthorized remote access to an infected system. |
| 23444 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445, sending a large string of junk chars causes stack corruption overwriting EDX register.
References: [MVID-2021-0035] |
| 23445 |
tcp |
malware |
not scanned |
Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow - Netbull listens on both TCP ports 23444 and 23445, sending a large string of junk chars causes stack corruption overwriting EDX register.
References: [MVID-2021-0035] |
| 23456 |
tcp |
trojans |
Members scan |
Common sequence of numbers "2 3 4 5 6" often used as default port by some programs and trojans.
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS)
Trojans/backdoors that use this port: Evil FTP, Ugly FTP, WhackJob
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
References: [CVE-2019-18382], [XFDB-170155]
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457, sending a large junk packet results in buffer overflow overwriting stack registers.
References: [MVID-2021-0066] |
| 23456 |
udp |
games |
not scanned |
Flight Simulator 2004 |
| 23457 |
tcp,udp |
games |
not scanned |
Deer Hunter 2004
Backdoor.Win32.NetBull.11.b / Remote Buffer Overflow - NetBull.11.b listens on both TCP ports 23456 and 23457, sending a large junk packet results in buffer overflow overwriting stack registers.
References: [MVID-2021-0066]
|
| 23458 |
tcp |
applications |
not scanned |
Deer Hunter 2005 |
| 23472 |
tcp |
applications |
not scanned |
HP Diagnostics Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the magentservice.exe. By sending an overly long string to port 23472 TCP, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges or cause the application to crash.
References: [XFDB-72363], [BID-51398], [EDB-18423] |
| 23476 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to BlackOrifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp.
|
| 23477 |
tcp |
trojans |
Premium scan |
Donald Dik Trojan - backdoor trojan similar to BlackOrifice, affects Windows 9x/NT, opens a backdoor and listens for remote commands on ports 23476/tcp and 23477/tcp. |
| 23513 |
tcp,udp |
applications |
not scanned |
Duke Nukem Ports |
| 23523 |
tcp |
trojans |
Premium scan |
W32.Mytob.KM@mm [Symantec-2005-101214-2941-99] - a mass-mailing worm with backdoor capabilities, that also lowers security settings on the compromised computer. Opens a backdoor by connecting to rax.oucihax.info and listens for remote commands on port 23523/tcp. |
| 23546 |
tcp |
areaguard-neo |
not scanned |
AreaGuard Neo - WebServer [SODATSW spol] (IANA official) |
| 23556 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23560 |
tcp |
prtg |
Premium scan |
Paessler PRTG Remote Probe uses port 2356.
Backdoor.Sparta.D [Symantec-2005-093012-4729-99] - backdoor trojan that can be controlled by a remote attacker via IRC channels, uses port 23560/tcp. |
| 23656 |
tcp |
cisco |
Premium scan |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23666 |
tcp |
trojans |
Premium scan |
Backdoor.Beasty.F [Symantec-2003-040209-5622-99] - a trojan that allows for remote control, listens on port TCP 23666 on your computer. |
| 23732 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
| 23733 |
tcp,udp |
applications |
not scanned |
Canasis Canasta |
| 23756 |
tcp |
cisco |
not scanned |
Cisco SD-WAN edge devices use these ports to establish connections with peers in the overlay network:
UDP ports 12346, 12446, 12546, 12646 (UDP if DTLS)
TCP ports: 23456, 23556, 23656, 23756 (TCP if DTLS) |
| 23777 |
tcp |
trojan |
Premium scan |
InetSpy |
| 24000 |
tcp |
trojans |
Premium scan |
Infector trojan (1999.04) - affects Windows 9x (ICQ). Uses ports 146, 1208, 17569, 24000, 30000
Apple med-ltp web service (with performance cache) uses the range 24000-24999/tcp. |
| 24004 |
tcp |
med-ovw |
not scanned |
EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004.
References: [CVE-2012-1810]
med-ovw (IANA official) |
| 24006 |
tcp |
applications |
not scanned |
EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006.
References: [CVE-2012-1811] |
| 24013 |
tcp,udp |
games |
not scanned |
Battle for the Universe, developer: Misty Software LLP |
| 24032 |
tcp,udp |
applications |
not scanned |
Cu-SeeMe White Pine |
| 24279 |
tcp |
med-ltp |
not scanned |
Apple web service with performance cache |
| 24289 |
tcp |
trojan |
Premium scan |
Backdoor.Latinus [Symantec-2002-060710-5206-99] - remote access trojan, afects Windows 9x/ME/NT/2k/XP, opens TCP port 11831/tcp for direct control, 29559/tcp for file transfer, may also use ports 21957/tcp, 24289/tcp, 29559/tcp.
|
| 24307 |
tcp |
trojan |
Premium scan |
Wildek trojan |
| 24322 |
udp |
hid |
not scanned |
Transport of Human Interface Device data streams [Freebox_SAS] (IANA official) |
| 24323 |
tcp |
vrmg-ip |
not scanned |
IANA registered for: Verimag mobile class protocol over TCP |
| 24444 |
tcp,udp |
applications |
not scanned |
NetBeans integrated development environment |
| 24465 |
tcp,udp |
tonidods |
not scanned |
Tonido Directory Server for Tonido which is a Personal Web App and P2P platform (IANA official) |
| 24554 |
tcp,udp |
binkp |
not scanned |
Airburst - Freeverse Software
IANA registered for: BINKP |
| 24596 |
tcp,udp |
games |
not scanned |
Active Lancer, developer: De Software |
| 24666 |
tcp |
sdtvwcam |
not scanned |
Service used by SmarDTV to communicate between a CAM and a second screen application (IANA official) |
| 24676 |
tcp,udp |
canditv |
not scanned |
Canditv Message Service |
| 24681 |
tcp |
trojans |
Premium scan |
Backdoor.Lowtaper [Symantec-2004-101411-3637-99] - remote access trojan, affects Windows, uses ports 24681/tcp and 10104/udp |
| 24726 |
tcp |
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
| 24727 |
|
flipshare |
not scanned |
FlipShare Server uses ports 24726 and 24727 TCP. |
| 24754 |
tcp |
cslg |
not scanned |
Citrix StorageLink Gateway |
| 24800 |
tcp,udp |
applications |
not scanned |
Synergy: keyboard/mouse sharing software |
| 24842 |
tcp,udp |
applications |
not scanned |
StepMania: Online: Dance Dance Revolution Simulator |
| 24850 |
udp |
assoc-disc |
not scanned |
Device Association Discovery [Microsoft Corporation] (IANA official) |
| 24960 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24961 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24962 |
tcp,udp |
applications |
not scanned |
CQPhone |
| 24999 |
tcp |
med-ltp |
not scanned |
med-ltp web service (with performance cache) uses the range 24000-24999 tcp. |
| 25000 |
tcp |
applications |
not scanned |
Teamware Office standard client connection |
| 25001 |
tcp |
icl-twobase2 |
not scanned |
Default port for Unity3D game engine networking
icl-twobase2 (IANA official) |
| 25002 |
tcp,udp |
trojan |
not scanned |
MOTD trojan |
| 25003 |
tcp |
applications |
not scanned |
Teamware Office client notifier |
| 25005 |
tcp |
applications |
not scanned |
Teamware Office message transfer |
| 25007 |
tcp |
applications |
not scanned |
Teamware Office MIME Connector |
| 25010 |
tcp |
applications |
not scanned |
Teamware Office Agent server |
| 25025 |
tcp |
trojans |
not scanned |
Backdoor.Kodalo [Symantec-2003-070115-1200-99] - a backdoor trojan horse that gives an attacker full access to an infected computer, listens on ports 25025, 25026, or 25044/tcp by default. |
| 25026 |
tcp |
trojans |
not scanned |
Backdoor.Kodalo [Symantec-2003-070115-1200-99] - a backdoor trojan horse that gives an attacker full access to an infected computer, listens on ports 25025, 25026, or 25044/tcp by default. |
| 25042 |
tcp,udp |
applications |
not scanned |
BitComet |
| 25044 |
tcp |
trojans |
not scanned |
Backdoor.Kodalo [Symantec-2003-070115-1200-99] - a backdoor trojan horse that gives an attacker full access to an infected computer, listens on ports 25025, 25026, or 25044/tcp by default. |
| 25072 |
tcp,udp |
applications |
not scanned |
radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
References: [CVE-2004-2048] [BID-10794] [SECUNIA-12154] [OSVDB-8246] |
| 25080 |
tcp,udp |
applications |
not scanned |
Ninja Email Security - port for checking against phishing attacks, spam, and malware. |
| 25100 |
tcp |
db2c-tls |
not scanned |
IBM Db2 Client Interface - Encrypted (IANA official) |
| 25105 |
tcp |
applications |
not scanned |
Default port for Insteon Hub |
| 25120 |
tcp,udp |
applications |
not scanned |
DMW Scanner |
| 25121 |
tcp,udp |
applications |
not scanned |
VOISpeed VoIP |
| 25123 |
tcp |
trojan |
Premium scan |
Goy'Z TroJan
DMW Scanner also uses this port (TCP/UDP) |
| 25150 |
tcp,udp |
games |
not scanned |
R.U.S.E. uses ports 25150-25199 |
| 25199 |
tcp,udp |
games |
not scanned |
R.U.S.E. uses ports 25150-25199 |
| 25226 |
tcp |
trojans |
Premium scan |
Backdoor.Delf.F [Symantec-2003-040117-4857-99] backdoor trojan that gives a hacker access to your computer. By default, it opens TCP ports 25226 and 45672. The existence of the file Svced.exe is an indication of a possible infection. |
| 25332 |
tcp,udp |
games |
not scanned |
Emperor: Rise of the Middle Kingdom |
| 25333 |
tcp |
games |
not scanned |
Emperor: Rise of the Middle Kingdom |
| 25386 |
tcp |
trojan |
Premium scan |
MoonPie trojan |
| 25471 |
sctp |
rna |
not scanned |
IANA registered for: RNSAP User Adaptation for Iurh |
| 25486 |
tcp |
trojan |
Premium scan |
MoonPie trojan |
| 25555 |
tcp |
trojan |
Premium scan |
FreddyK trojan |
| 25556 |
tcp |
trojan |
Premium scan |
FreddyK trojan |
| 25560 |
tcp |
applications |
not scanned |
codeheart.js Relay Server |
| 25565 |
tcp |
applications |
not scanned |
MySQL Standard port
Minecraft Dedicated Server (IANA official) |
