![](/images/bg.gif)
Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
Port(s) |
Protocol |
Service |
Scan level |
Description |
27666 |
tcp,udp |
games |
not scanned |
Doom 3 |
27700 |
tcp |
applications |
not scanned |
Risk Based Security has reported a vulnerability in multiple Schneider Electric products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the modbus serial driver (ModbusDrv.exe) when parsing MBAP data and can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to TCP port 27700.
References: [SECUNIA-52821] |
27719 |
tcp,udp |
games |
not scanned |
Prey |
27733 |
udp |
games |
not scanned |
Enemy Territory: Quake Wars, Wolfenstein |
27750 |
tcp,udp |
games |
not scanned |
Medieval 2: Total War |
27780 |
tcp |
games |
not scanned |
RF Online
Archlord Beta (TCP/UDP), developer: NHN Games Corporation |
27876 |
tcp |
astrolink |
not scanned |
Astrolink Protocol - Alanax Technologies Inc (IANA official) |
27886 |
tcp,udp |
applications |
not scanned |
Supercade |
27888 |
udp |
applications |
not scanned |
No One Lives Forever, F.E.A.R (TCP/UDP), Contract J.A.C.K. (TCP/UDP), Shogo: Mobile Armor Division (TCP/UDP), Kaillera server
Aliens vs Predator 2 uses ports 27888-27900
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in a PB_Y packet to the YPG server on UDP port 27888 or a PB_U packet to UCON on UDP port 27888.
References: [CVE-2007-5247] |
27900 |
udp |
games |
not scanned |
Battlefield 2142, ToCA Race Driver 3, Worms 4 Mayhem, Nintendo Wi-Fi Connection (TCP/UDP)
GameSpy Arcade - Master Server UDP Heartbeat. Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901 |
27901 |
udp |
games |
not scanned |
Battlefield 2142 Stats, Star Trek Armada II, id Software's Quake II master server
Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.
References: [CVE-2009-3637], [BID-36782], [SECUNIA-37118] |
27910 |
tcp |
games |
not scanned |
Quake 2 |
27910 |
udp |
games |
not scanned |
Star Trek Voyager: Elite Force |
27942 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
27950 |
tcp,udp |
games |
not scanned |
Quake 3, Return To Castle Wolfenstein (UDP), OpenArena outgoing port |
27952 |
tcp,udp |
games |
not scanned |
Quake 3, Return To Castle Wolfenstein (UDP) |
27960 |
udp |
games |
not scanned |
Return to Castle Wolfenstein: Enemy Territory, Quake (TCP/UDP), Star Trek Voyager: Elite Force
Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960.
References: [CVE-2008-6671], [BID-29889]
Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service ("runtime error") via a crafted join packet to UDP port 27960, probably related to an invalid nickname command.
References: [CVE-2008-6672] [BID-29889] [SECUNIA-30823]
Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.
References: [CVE-2008-6670] [BID-29889] [SECUNIA-30823] [OSVDB-46561]
Quake3 Arena is vulnerable to a denial of service attack caused by a buffer overflow when initiating a connect sequence with the server's default port 27960. By sending a UDP packet with a string containing 255 characters four times with "connectre", a remote attacker can overflow a buffer to cause the server to crash.
References: [CVE-2001-1289], [XFDB-6930], [BID-3123] |
27963 |
tcp,udp |
games |
not scanned |
Original War |
27965 |
tcp,udp |
games |
not scanned |
Quake 3, Return To Castle Wolfenstein |
27999 |
tcp |
trojans |
Members scan |
W32.Mytob.EU@mm [Symantec-2005-061509-3649-99] - mass mailing worm that uses its own SMTP engine. Opens a backdoor and listens for remote commands on port 27999/tcp. W32.Mytob.GB@mm [Symantec-2005-062410-0444-99] and W32.Mytob.KE@mm [Symantec-2005-100711-1841-99] variants also use this port.
MechWarrior 4 - Mercenaries, Tribes also use this port. |
28000 |
tcp,udp |
games |
not scanned |
Siemens PLM Software license server
Games:
Fly For Fun, developer: Gpotato
Ski Racing 2006, Tribes, Bitfighter Common/default Bitfighter Server
The Better Mod - TBM uses ports 28000-28030
NX License Manager (IANA official) |
28001 |
tcp |
pqsp |
not scanned |
PQ Service
Starsiege Tribes also uses port 28001 (TCP/UDP), developer: Dynamix |
28004 |
tcp,udp |
games |
not scanned |
Quake 4 |
28008 |
tcp |
games |
not scanned |
Tribes |
28010 |
tcp |
gruber-cashreg |
not scanned |
IANA registered for: Gruber cash registry protocol |
28012 |
tcp |
applications |
not scanned |
The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.
References: [CVE-2009-2173] |
28020 |
tcp |
games |
not scanned |
Tribes |
28030 |
tcp,udp |
applications |
not scanned |
The Better Mod - TBM uses ports 28000-28030 |
28060 |
tcp,udp |
games |
not scanned |
Star Wars Jedi Knight II Jedi Outcast |
28061 |
tcp,udp |
games |
not scanned |
Star Wars Jedi Knight II Jedi Outcast |
28062 |
tcp,udp |
games |
not scanned |
Star Wars Jedi Knight II Jedi Outcast |
28070 |
tcp,udp |
games |
not scanned |
Star Wars Jedi Knight Jedi Academy uses ports 28070-28081 |
28080 |
tcp |
thor-engine |
not scanned |
Thor/server - ML engine (IANA official) |
28081 |
tcp,udp |
games |
not scanned |
Star Wars Jedi Knight Jedi Academy uses ports 28070-28081 |
28088 |
udp |
games |
not scanned |
Lord of the Rings: Battle for Middle Earth uses ports 8088-28088 |
28119 |
udp |
a27-ran-ran |
not scanned |
A27 cdma2000 RAN Management [ThreeGPP2] (IANA official) |
28200 |
tcp,udp |
voxelstorm |
not scanned |
VoxelStorm game server [VoxelStorm] (IANA official) |
28201 |
tcp,udp |
pharos |
not scanned |
Pharos print server client |
28218 |
tcp |
trojan |
Premium scan |
Oracle trojan |
28221 |
tcp,udp |
emule |
not scanned |
eMule, BitTorrent |
28260 |
tcp |
applications |
not scanned |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - listening port for HA1 backup links
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables |
28395 |
tcp |
applications |
not scanned |
www.SmartSystemsLLC.com Smart Sale 5.0 |
28429 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28430 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28431 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28432 |
udp |
trojan |
not scanned |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28433 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28434 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28435 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28436 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows 9x, communicates over TCP ports 31785, 31787 and UDP ports 31789, 31791 by default, may also use TCP ports 28429-28435. |
28443 |
tcp |
applications |
not scanned |
Palo Alto Networks' Panorama-to-managed devices software updates, PAN-OS 8.0 and later. |
28589 |
tcp |
bosswave |
not scanned |
IANA registered for: Building operating system services wide area verified exchange |
28678 |
tcp |
trojan |
Premium scan |
Exploiter trojan |
28769 |
tcp |
applications |
not scanned |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - listening port for HA1 backup links
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables |
28770 |
tcp |
applications |
not scanned |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - Panorama HA1 backup sync port
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables |
28771 |
tcp |
panorama |
not scanned |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - Panorama HA1 backup sync port
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables |
28785 |
udp |
applications |
not scanned |
IANA registered for: Cube 2 Sauerbraten |
28786 |
udp |
applications |
not scanned |
IANA registered for: Cube 2 Sauerbraten |
28800 |
tcp |
games |
not scanned |
Age of Mythology |
28800 |
udp |
games |
not scanned |
MechWarrior 4 |
28801 |
tcp |
games |
not scanned |
Age of Mythology |
28802 |
tcp |
games |
not scanned |
Age of Mythology |
28803 |
tcp |
games |
not scanned |
Age of Mythology |
28804 |
tcp |
games |
not scanned |
Age of Mythology |
28805 |
tcp |
games |
not scanned |
Age of Mythology, MechWarrior 4 - Mercenaries |
28806 |
tcp |
games |
not scanned |
MechWarrior 4 - Mercenaries |
28807 |
tcp |
games |
not scanned |
MechWarrior 4 - Mercenaries |
28808 |
tcp |
games |
not scanned |
MechWarrior 4 - Mercenaries |
28852 |
tcp |
applications |
not scanned |
Killing Floor |
28876 |
tcp |
trojans |
Premium scan |
Backdoor.Globe [Symantec-2005-011216-5201-99] - a proof-of-concept Trojan horse program that exploits the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability (Windows XP, described in Microsoft Security Bulletin MS05-002). The Trojan is written in JavaScript and is embedded in .html files.
Trojan.Helemoo [Symantec-2005-072312-2716-99] - a backdoor trojan that exploits a MS IE DHTML Memory Corruption Vulnerability ([MS05-020]). Opens a backdoor and listens for remote commands on port 28876/tcp by default. |
28883 |
udp |
games |
not scanned |
Combat Flight Simulator 3: Battle For Europe, developer: Microsoft |
28884 |
udp |
games |
not scanned |
Combat Flight Simulator 3: Battle For Europe, developer: Microsoft |
28885 |
udp |
games |
not scanned |
Combat Flight Simulator 3: Battle For Europe, developer: Microsoft |
28886 |
udp |
games |
not scanned |
Combat Flight Simulator 3: Battle For Europe, developer: Microsoft |
28900 |
tcp |
games |
Members scan |
GameSpy Arcade - Master Server List Request, Worms 4 Mayhem
Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901 |
28901 |
tcp,udp |
games |
not scanned |
Hoyle Games |
28902 |
tcp |
applications |
not scanned |
Unreal Tournament 2004 Master Server Browser |
28910 |
tcp |
games |
Members scan |
Heretic II server
Soldier of Fortune 2 game server
Command and Conquer
Battlefield 2142
Armies of Exigo
Nintendo Wii ports: 12400, 28910, 29900, 29901, 29920 TCP (optionally ports 80, 443, 6667 TCP, and random UDP ports) |
28960 |
tcp,udp |
games |
Basic scan |
Port used by Call of Duty, Return to Castle Wolfenstein |
29000 |
tcp,udp |
saltd-licensing |
not scanned |
PWI and PWI patches
Battlefield 2
IANA registered for: Siemens Licensing Server (TCP) |
29070 |
udp |
games |
Members scan |
Star Wars III Jedi Knight Jedi Academy (JK3) |
29104 |
tcp |
trojan |
Members scan |
NETrojan, Host Control trojans |
29118 |
sctp |
sgsap |
not scanned |
SGsAP in 3GPP [GPP Specifications] (IANA official) |
29147 |
tcp |
trojans |
Premium scan |
Backdoor.Sdbot.AI [Symantec-2005-010309-3226-99] network aware worm with backdoor capabilities. Spreads via network shares. Opens a backdoor and listens for remote commands by connecting to IRC servers on port 29147/tcp. |
29168 |
sctp |
sbcap |
not scanned |
SBcAP in 3GPP [GPP Specifications] (IANA official) |
29169 |
sctp |
iuhsctpassoc |
not scanned |
HNBAP and RUA Common Association |
29200 |
udp |
applications |
not scanned |
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.
References: [CVE-2004-1524], [BID-11683] |
29292 |
tcp |
trojans |
Premium scan |
TMO Integration Service Communications port, used by Transaction Manager SaaS (HighJump Software)
BackGate Kit
Backdoor.NTHack [Symantec-2001-031517-2139-99] |
29339 |
tcp,udp |
applications |
not scanned |
Live For Speed Server |
29369 |
tcp |
trojan |
Premium scan |
ovasOn trojan |
29559 |
tcp |
trojans |
Premium scan |
Backdoor.Ducktoy [Symantec-2002-071814-5240-99] (2002.07.18) - remote access trojan, affects Windows, listens to ports 29559 and 59211 by default.
Backdoor.Latinus [Symantec-2002-060710-5206-99] - remote access trojan, afects Windows 9x/ME/NT/2k/XP, opens TCP port 11831/tcp for direct control, 29559/tcp for file transfer, may also use ports 24289/tcp, 29559/tcp.
Backdoor.AntiLam [Symantec-2002-060715-0902-99], a.k.a. AntiLamer backdoor - remote access trojan, affects Windows, listens on TCP ports 29559 and 47891, may also use port 29999.
Other trojans that use this port: DarkFace, DataRape, Pest, Vagr Nocker
Backdoor.Win32.Antilam.11 / Unauthenticated Remote Code Execution - the Win32.Antilam.11 malware aka "Backdoor.Win32.Latinus.b" (MVID-2021-0029), listens on TCP ports 11831, 29559. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0324] |
29589 |
tcp,udp |
trojan |
not scanned |
KiLo trojan [Symantec-2003-021319-1815-99] |
29781 |
udp |
panorama |
not scanned |
Palo Alto Networks Panorama HA (High Availability) uses these ports:
28/tcp - HA1 control link for SSH over TCP encrypted communication
28260/tcp, 28769/tcp - used for HA1 control link for clear text communication between HA peer firewalls
28770/tcp - Panorama HA1 backup sync port
28771/tcp - heartbeat backups
29781/udp - HA2 link to synchronize sessions, table forwarding, IPSec, ARP tables |
29831 |
tcp,udp |
slapd |
not scanned |
Slapd |
29891 |
udp |
trojan |
not scanned |
The Unexplained trojan |
29900 |
tcp |
games |
Basic scan |
Nintendo Wii ports: 12400, 28910, 29900, 29901, 29920 TCP (optionally ports 80, 443, 6667 TCP, and random UDP ports)
GameSpy Arcade - GP Connection Manager. Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901
Battlefield 2142
Worms 4 Mayhem
Civilization iV
Command and Conquer |
29901 |
tcp |
games |
Members scan |
Nintendo Wii ports: 12400, 28910, 29900, 29901, 29920 TCP (optionally ports 80, 443, 6667 TCP, and random UDP ports)
GameSpy Arcade - GP Search Manager. Also uses ports 3783, 6500, 6515 UDP, 6667, 13139 UDP, 27900 UDP, 28900, 29900, 29901
Worms 4 Mayhem
Battlefield 2
Civilization III |
29920 |
tcp |
games |
Premium scan |
Command and Conquer Generals
Nintendo Wii ports: 12400, 28910, 29900, 29901, 29920 TCP (optionally ports 80, 443, 6667 TCP, and random UDP ports) |
29976 |
tcp |
trojan |
Premium scan |
Trojan Spirit 2001a |
29980 |
tcp |
trojan |
Premium scan |
Trojan Spirit 2001a |
Vulnerabilities listed: 100 (some use multiple ports)
|