Skip to content
Security Tools

Common Ports & Services Reference

Educational guide for network ports, vulnerability risks, and firewall advice.

100% client-side: your files never leave your browser

Common Ports & Services Reference

A quick security reference guide listing standard network ports, active service protocols, vulnerability risk levels, and defensive firewall configurations.

Exposure Policy

Never expose management panels (RDP, SSH, Telnet) or databases (MySQL, Redis, MongoDB) to the public interface. Implement firewalls (iptables/UFW), secure ports with VPNs, and close unused listening ports.

Port 20, 21FTPTCP
High Risk / Critical

File Transfer Protocol. Used for transferring files between a client and a server.

Security Recommendation

Insecure by default (plain-text credentials). Replace with SFTP (Port 22) or FTPS.

Port 22SSH / SFTPTCP
Low Risk

Secure Shell. Used for secure command line access and file transfers (SFTP).

Security Recommendation

Secure, but target for brute force. Disable password logins; use key-based auth and fail2ban.

Port 23TelnetTCP
High Risk / Critical

Terminal Emulation. Unencrypted text communications for command line control.

Security Recommendation

Extremely insecure. Disable immediately and use SSH (Port 22) instead.

Port 25SMTPTCP
Medium Risk

Simple Mail Transfer Protocol. Used for email transmission between mail servers.

Security Recommendation

Vulnerable to spam injection. Enforce TLS; use port 587/465 with auth for client submissions.

Port 53DNSTCP/UDP
Medium Risk

Domain Name System. Translates domain names to IP addresses.

Security Recommendation

Target for DNS spoofing/amplification DDoS attacks. Keep server patched; restrict recursive queries.

Port 80HTTPTCP
Medium Risk

Hypertext Transfer Protocol. Standard protocol for transferring unencrypted web pages.

Security Recommendation

Unencrypted traffic. Configure permanent redirect (301) to HTTPS (Port 443).

Port 110POP3TCP
Medium Risk

Post Office Protocol v3. Used by email clients to retrieve messages from a mail server.

Security Recommendation

Plaintext credentials. Use POP3S (Port 995) with SSL/TLS encryption instead.

Port 123NTPUDP
Medium Risk

Network Time Protocol. Synchronizes system clocks across network devices.

Security Recommendation

Often target for NTP reflection DDoS attacks. Disable monlist feature; restrict access lists.

Port 143IMAPTCP
Medium Risk

Internet Message Access Protocol. Allows email client tools to synchronize mail folders.

Security Recommendation

Unencrypted transmission. Replace with IMAPS (Port 993) for encrypted connections.

Port 161, 162SNMPTCP/UDP
High Risk / Critical

Simple Network Management Protocol. Monitors and configures network hardware elements.

Security Recommendation

Default community strings (e.g. 'public') leak hardware setups. Use SNMPv3 with auth & privacy.

Port 443HTTPSTCP
Low Risk

Hypertext Transfer Protocol Secure. Web communication encrypted via TLS.

Security Recommendation

Secure. Ensure weak ciphers are disabled (e.g. SSLv3, TLS 1.0, 1.1). Implement HSTS headers.

Port 445SMB / Active DirectoryTCP
High Risk / Critical

Server Message Block. Shared file access, printers, and system controller operations.

Security Recommendation

Vulnerable to high-impact exploits (WannaCry, EternalBlue). BLOCK port 445 at firewall WAN.

Port 1433MSSQLTCP
High Risk / Critical

Microsoft SQL Server Database. Storage engine and listener query entry point.

Security Recommendation

Never expose to public internet. Restrict connections to specific client IP addresses or VPN.

Port 1521Oracle DBTCP
High Risk / Critical

Oracle Database Default Listener port.

Security Recommendation

High-risk target. Keep firewalled; use secure transport network configurations.

Port 3306MySQLTCP
High Risk / Critical

MySQL Database query port.

Security Recommendation

Do not expose publicly. Bind MySQL to local loopback (127.0.0.1) and route remote sessions via SSH tunnels.

Port 3389RDPTCP/UDP
High Risk / Critical

Remote Desktop Protocol. Remote control client for Windows operating systems.

Security Recommendation

Extremely targeted by ransomware. Place behind VPN/Gateway; enforce multi-factor authentication.

Port 5432PostgreSQLTCP
High Risk / Critical

PostgreSQL Database listener port.

Security Recommendation

Restrict access lists in pg_hba.conf; require client SSL certificates for client connections.

Port 6379RedisTCP
High Risk / Critical

Redis In-Memory Key-Value database query port.

Security Recommendation

Highly vulnerable. By default has no auth. Never expose to public interface. Enforce strong password.

Port 8080HTTP Alternative / TomcatTCP
Medium Risk

Alternative HTTP. Commonly used for local dev environments, proxies, and application dashboards.

Security Recommendation

Check application admin pages. Often lacks HTTPS configuration. Secure panels with proper auth/TLS.

Port 27017MongoDBTCP
High Risk / Critical

MongoDB NoSQL Database portal.

Security Recommendation

Easy ransomware target if exposed without credentials. Bind listener strictly to localhost / private VPC.