Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 31415 |
tcp |
trojan |
Premium scan |
ThoughtSignal - Server Communication Service (often Informational)
Lithium trojan |
| 31416 |
tcp,udp |
trojan |
not scanned |
Lithium trojan |
| 31435 |
|
games |
not scanned |
Arcanum, Arcanum Won.net |
| 31438 |
tcp |
applications |
not scanned |
Rocket U2 |
| 31439 |
tcp |
trojans |
Premium scan |
Trojan.Tatanarg.B [Symantec-2012-051102-1813-99] - a trojan horse that attempts to steal information from the compromised computer, opens backdoor on port 31439/tcp. |
| 31456 |
tcp |
applications |
not scanned |
TetriNET IRC gateway on some servers |
| 31457 |
tcp,udp |
applications |
not scanned |
Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with a long DNS hostname.
References: [CVE-1999-1060]
TetriNET Protocol (IANA official) |
| 31458 |
tcp |
applications |
not scanned |
TetriNET Used for game spectators |
| 31500 |
udp |
applications |
not scanned |
Kingpin: Life of Crime, developer: Xatrix Entertainment/Gray Matter Interactive |
| 31510 |
tcp,udp |
KingPin |
not scanned |
KingPin |
| 31554 |
tcp |
trojan |
Premium scan |
Schwindler trojan horse |
| 31556 |
tcp |
malware |
not scanned |
Backdoor.Win32.Zdemon.10 / Unauthenticated Remote Command Execution - Zdemon malware listens on TCP ports 31556, 6051. Third-party attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0313] |
| 31557 |
tcp |
trojans |
Premium scan |
NetBus, Xanadu |
| 31564 |
tcp |
proxy |
Premium scan |
Fiddler Core (a .Net class library for C# apps) - insecure default flag leads to Open Proxy Issue. Kantai Collection game (KanColleViewer utility app) uses Fiddler Core library to open a web proxy on port 37564 TCP.
Reference: [CVE-2015-2947] |
| 31620 |
tcp,udp |
lm-mon |
not scanned |
lm mon [System Administrator] (IANA official) |
| 31631 |
tcp |
trojan |
Premium scan |
CleptoManicos trojan |
| 31666 |
tcp |
trojan |
Premium scan |
BOWhack, BOWackmole trojans |
| 31693 |
tcp |
trojans |
Premium scan |
Backdoor.Turkojan [Symantec-2003-032816-3726-99] (2003.03.28) - a backdoor trojan that gives an attacker unauthorized access to a compromised computer. By default is opens port 31693/tcp. |
| 31745 |
tcp |
trojan |
Premium scan |
BuschTrommel trojan
Backdoor.Win32.Bushtrommel.122 / Authentication Bypass - the malware listens on TCP port 31745 runs an ftp server on port 1030. Attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands.
References: [MVID-2022-0629]
Backdoor.Win32.Bushtrommel.122 / Unauthenticated Remote Command Execution - the malware listens on TCP port 31745 and 1030. Adversaries who can reach infected hosts can run commands made available by the backdoor. The "*RUN" command calls CreateProcess() based on CL input, errors will result in a pop up dialog on the infected host:
"CreateProcess() in function () GetConsoleOuput() failed!". Correct syntax is as follows *RUN"calc.exe", successful code execution results in the response "*EVA*" from the backdoored host.
References: [MVID-2022-0630] |
| 31778 |
tcp |
trojans |
not scanned |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31785 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31787 |
tcp |
trojan |
Members scan |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31787 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31788 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31789 |
udp |
hackatack |
not scanned |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31790 |
udp |
hackattack |
not scanned |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31791 |
udp |
trojan |
not scanned |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31792 |
tcp |
trojan |
Premium scan |
Hack 'a' Tack trojan - affects Windows, communicates over TCP ports 31778, 31785, 31787 and UDP ports 31788, 31789, 31790, 31791, 31792 by default. |
| 31880 |
tcp |
tablo |
not scanned |
Tablo Connect (TV streaming) uses the following ports: TCP 21030, 21031, 21032.
Tablo can instead use the following set of ports: TCP 31887, 31880, 31883 (3188x public/WAN ports are mapped to different private/LAN ports as follows: 31887 WAN -> 8887 LAN, 31880 WAN -> 80 LAN, 31883 WAN -> 443 LAN). |
| 31883 |
tcp |
tablo |
not scanned |
Tablo Connect (TV streaming) uses the following ports: TCP 21030, 21031, 21032.
Tablo can instead use the following set of ports: TCP 31887, 31880, 31883 (3188x public/WAN ports are mapped to different private/LAN ports as follows: 31887 WAN -> 8887 LAN, 31880 WAN -> 80 LAN, 31883 WAN -> 443 LAN). |
| 31887 |
tcp |
tablo |
Premium scan |
Tablo Connect (TV streaming) uses the following ports: TCP 21030, 21031, 21032.
Tablo can instead use the following set of ports: TCP 31887, 31880, 31883 (3188x public/WAN ports are mapped to different private/LAN ports as follows: 31887 WAN -> 8887 LAN, 31880 WAN -> 80 LAN, 31883 WAN -> 443 LAN).
Malware that uses this port: BDDT trojan |
| 31889 |
tcp |
trojan |
Premium scan |
BDDT trojan |
| 31999 |
tcp,udp |
applications |
not scanned |
An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely.
References: [CVE-2020-1952], [XFDB-180823] |
| 32000 |
tcp |
applications |
Members scan |
Merak WebMail server
Mercur Messaging
Java Wrapper Service
BDDT trojan
Artisoft XtraMail DoS vulnerability - control port can be overflown with long usernames. [BID-791]
Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.
References: [CVE-2006-7038] [BID-18462] [SECUNIA-20432]
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
References: [CVE-2004-1721] [BID-10966] [OSVDB-9045] [SECUNIA-12269] |
| 32001 |
tcp |
trojan |
Premium scan |
Donald Dik trojan |
| 32019 |
tcp |
games |
not scanned |
Action PC Football (2006, 2010, 2017) game |
| 32100 |
tcp |
trojans |
Members scan |
Some trojans/backdoors use this port: Peanut Brittle, Project nEXT |
| 32121 |
tcp |
trojan |
Premium scan |
Backdoor.Berbew.J trojan [Symantec-2004-082414-4142-99] - trojan that attempts to steal cached passwords and gather confidential user information by displaying fake windows. Opens a rootshell on port 23232/tcp and FTP server on port 32121/tcp. |
| 32123 |
tcp,udp |
applications |
not scanned |
x3Lobby, an internet application (TCP)
The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1.
References: [CVE-2009-4657], [BID-36454] |
| 32137 |
tcp |
applications |
not scanned |
Immunet Protect |
| 32158 |
tcp,udp |
games |
not scanned |
Diamond Mind Baseball |
| 32160 |
tcp,udp |
games |
not scanned |
Stendhal, developer: Miguel Angel Blanch Lardin |
| 32245 |
tcp |
applications |
not scanned |
MMTSG-mutualed over MMT (encrypted transmission) |
| 32335 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and that know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193] |
| 32400 |
tcp,udp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access
|
| 32410 |
udp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access
|
| 32412 |
udp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access |
| 32413 |
udp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access |
| 32414 |
udp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access |
| 32418 |
tcp |
trojan |
Members scan |
Peanut Brittle, Project nEXT, Acid Battery trojan |
| 32440 |
tcp |
trojan |
Premium scan |
Backdoor.Alets.B trojan [Symantec-2005-010617-2801-99] |
| 32469 |
tcp |
plex |
not scanned |
Plex Media Server uses port 32400 TCP. It also uses the following ports locally (no need to forward them onto the internet):
1900 UDP - Plex DLNA Server access
3005 TCP - controlling Plex Home Theater via Plex Companion
5353 UDP - Bonjour/Avahi network discovery
8324 TCP - controlling Plex for Roku via Plex Companion
32410, 32412, 32413, 32414 UDP - current GDM network discovery
32469 TCP - Plex DLNA Server access |
| 32500 |
tcp,udp |
apps |
not scanned |
Plexamp uses port 32500/tcp for remote control
Dead Island (game) |
| 32550 |
tcp,udp |
games |
not scanned |
Dead Island |
| 32633 |
tcp |
|
not scanned |
Microsoft Edge Console |
| 32754 |
tcp |
nopen |
Members scan |
NOPEN Linux encrypted backdoor RAT (Remote Administration Tool) with shell and tunnel capabilities uses this port by default. |
| 32764 |
tcp |
applications |
not scanned |
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
References: [CVE-2014-0659], [BID-64776], [SECUNIA-56292]
SerComm device could allow a remote attacker to execute arbitrary commands on the system, caused by the undocumented scfgmgr service acting as a backdoor when processing requests. By sending a specially-crafted request to TCP port 32764, an attacker could exploit this vulnerability to execute arbitrary commands on the system, download configuration files, obtain credentials and other sensitive information.
References: [OSVDB-106324], [XFDB-92979] |
| 32766 |
udp |
games |
not scanned |
Nascar 4 |
| 32767 |
udp |
games |
not scanned |
Nascar 4 |
| 32768 |
tcp,udp |
first-os-ports |
not scanned |
first ports typically used for outgoing connections by some Linux distros like Red Hat: see /etc/rc.d/init.d/network and /proc/sys/net/ipv4/ip_local_port_range
Nascar 4 (UDP), Joint Operations Typhoon Rising (UDP) use port 32768.
Hacker's Paradise trojan also uses port 32768 (TCP). |
| 32769 |
tcp,udp |
first-os-ports |
not scanned |
FileNet RPC (TCP)
first ports typically used for outgoing connections by some Linux distros like Red Hat: see /etc/rc.d/init.d/network and /proc/sys/net/ipv4/ip_local_port_range |
| 32770 |
tcp,udp |
first-os-ports |
not scanned |
first ports typically used for outgoing connections by some Linux distros like Red Hat: see /etc/rc.d/init.d/network and /proc/sys/net/ipv4/ip_local_port_range |
| 32778 |
tcp,udp |
applications |
not scanned |
Novell Netware is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the xdrDecodeString() function in the XNFS.NLM component when processing NFS requests. By sending a specially-crafted NFS RPC request to UDP or TCP port 32778, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References: [CVE-2011-4191] [XFDB-71459] [EDB-18351] |
| 32779 |
udp |
applications |
not scanned |
Novell Netware is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the caller_name xdrDecodeString function in the XNFS.NLM component when processing NFS requests. By sending a specially-crafted NFS RPC request to UDP port 32779, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.
References: [BID-51352] [XFDB-72286] |
| 32791 |
tcp |
trojans |
Premium scan |
Backdoor.Acropolis [Symantec-2001-021616-0142-99] remote access trojan, affects Windows, listens on TCP ports 32791, 45673. |
| 32801 |
tcp,udp |
mlsn |
not scanned |
Multiple Listing Service Network |
| 32811 |
tcp |
retp |
not scanned |
IANA registered for: Real Estate Transport Protocol |
| 32879 |
tcp |
malware |
not scanned |
Trojan-Proxy.Win32.Ranky.gen / Unauthenticated Open Proxy - the malware listens on TCP port 32879. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
References: [MVID-2021-0284] |
| 32887 |
tcp |
applications |
not scanned |
Ace of Spades game |
| 32912 |
tcp |
applications |
not scanned |
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
References: [CVE-2022-29875] |
| 32914 |
tcp |
applications |
not scanned |
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable.
References: [CVE-2022-29875] |
| 32976 |
tcp |
applications |
not scanned |
Hamachi |
| 32982 |
tcp |
trojans |
not scanned |
Solaris.Wanukdoor [Symantec-2007-022810-0202-99] - a trojan horse that opens a back door on the compromised computer. |
| 33000 |
tcp |
wg-endpt-comms |
not scanned |
IANA registered for: WatchGuard Endpoint Communications |
| 33001 |
tcp,udp |
aspera |
not scanned |
Aspera uses the following ports:
33001 tcp (SSH, older versions used port 22)
33001 udp (fasp)
40001 tcp (Aspera Central)
4406 tcp (outbound logging)
Aspera servers may also have to open a range of ports for concurrent transfers, e.g. 33002-33010 udp. HTTP and/or HTTPS ports 80 and 443 are used for the web ui. |
| 33060 |
udp |
games |
not scanned |
Wolfenstein uses ports 33060-33070, developer: Raven Software |
| 33060 |
tcp |
mysqlx |
not scanned |
MySQL Database Extended Interface (IANA official) |
| 33070 |
udp |
games |
not scanned |
Wolfenstein uses ports 33060-33070, developer: Raven Software |
| 33221 |
tcp |
cortex |
not scanned |
Cortex XDR (Paloaltonetworks) uses port 33221 as the default P2P content update distribution port for their security agents
Cortex Data Lake (Paloaltonetworks) and Panorama Connect use ports 444 and 3978 for logging
|
| 33270 |
tcp |
trojan |
Premium scan |
Trinity trojan |
| 33291 |
tcp |
trojan |
Premium scan |
RemoteHak trojan |
| 33308 |
tcp |
malware |
not scanned |
Backdoor.Win32.Agent.gmug / Heap Corruption - the malware listens on TCP port 33308, third-party attackers who can reach the server can send a specially crafted payload causing a heap corruption.
References: [MVID-2021-0194] |
| 33322 |
tcp |
trojans |
Premium scan |
Trojan.Lodeight.B [Symantec-2006-012514-0019-99] - trojan horse that attempts to download a W32.Beagle variant and opens a backdoor on the compromised computer. Opens a backdoor and listens for remote commands on port 33322/tcp. |
| 33330 |
udp |
applications |
not scanned |
FMAudit - a software application for automating meters, status, and service alerts on printers, copiers and MFP's. |
| 33333 |
tcp |
trojans |
Members scan |
W32.Zotob.C@mm [Symantec-2005-081516-4417-99] - a mass-mailing worm that opens a backdoor and exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 445/tcp. It connects to IRC servers and listens for remote commands on port 8080/tcp. It also opens an FTP server on port 33333/tcp. Same ports are used by the W32.Zotob.A and W32.Zotob.B variants of the worm as well.
Backdoor.Selka [Symantec-2004-111222-0435-99] - backdoor program, affects Windows, listens on port 33333.
Other trojans/backdoors that also use this port: Blakharaz, Prosiak
Port is IANA registered for Digital Gaslight Service. |
| 33334 |
udp |
games |
not scanned |
Empire Earth
IANA registered for: SpeedTrace TraceAgent Discovery |
| 33334 |
tcp |
speedtrace |
not scanned |
IANA registered for: SpeedTrace TraceAgent |
| 33335 |
tcp |
games |
not scanned |
Empire Earth |
| 33336 |
tcp |
games |
not scanned |
Empire Earth |
| 33390 |
tcp |
trojan |
Premium scan |
Unknown Trojan |
| 33434-33523 |
udp |
traceroute |
not scanned |
incoming traceroute - under Unix-like operating systems, the traceroute utility uses User Datagram Protocol (UDP) datagrams with destination port numbers from 33434 to 33534 by default. Under Windows, the tracert command sends ICMP requests.
Cisco Webex Teams services uses these ports:
443,444,5004 TCP
53, 123, 5004, 33434-33598 UDP (SIP calls) |
| 33434 |
tcp,udp |
traceroute |
Premium scan |
Cisco Spark application (Cisco Webex Teams services) uses these ports:
443, 8443 TCP - signaling
5004 TCP/UDP - media
33434 TCP/UDP - media port
Note: older versions of Cisco Webex Teams services may use these additional ports: 53, 123, 444 TCP and 33434-33598 UDP (SIP calls)
Noction BGP Routers use port 33434 by default
IANA registered for: traceroute |
| 33545 |
tcp |
trojan |
Premium scan |
G.R.O.B. trojan |
| 33567 |
tcp |
trojans |
Premium scan |
Lion, T0rn Rootkit |
| 33568 |
tcp |
trojans |
Premium scan |
Lion, T0rn Rootkit |
| 33577 |
tcp |
trojan |
Members scan |
Son of PsychWard trojan |
| 33777 |
tcp |
trojan |
Members scan |
Son of PsychWard trojan
Backdoor.Win32.Psychward.c / Unauthenticated Remote Command Execution - the malware listens on TCP port 33777. Remote attackers who can reach infected systems can execute commands made available by the backdoor.
References: [MVID-2021-0218] |
| 33848 |
udp |
applications |
not scanned |
Jenkins Remote access API and Auto-Discovery
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848.
References: [CVE-2020-2100] |
| 33890 |
tcp |
digilent-adept |
not scanned |
IANA registered for: Adept IP protocol |
| 33911 |
tcp |
trojan |
Members scan |
Spirit 2001a trojan horse |
Vulnerabilities listed: 100 (some use multiple ports)
|
