Skip to main content

List of Dangerous Open Ports


Port: 21

Explanation: This port is used for FTP (File Transfer Protocol).

Impact: This port sends its data over plain text, meaning that attackers can abuse this port to intercept and steal credentials.

Mitigation: Close port 21 or use SFTP instead.

  • Windows: Go to Windows Firewall settings and block port 21.
  • Linux: Use the command sudo ufw deny 21 to close this port.

Port: 23

Explanation: This port is used for Telnet.

Impact: Telnet sends its data, including passwords, over plain text, making it vulnerable to eavesdropping.

Mitigation: Close port 23 and use SSH instead.

  • Windows: Disable Telnet services and block port 23 in Windows Firewall.
  • Linux: Use sudo ufw deny 23 to block this port.

Port: 25

Explanation: This port is used for SMTP (Simple Mail Transfer Protocol).

Impact: Attackers can exploit this port to send spam or phishing emails if not properly secured.

Mitigation: Secure port 25 with proper authentication and spam filtering, or use alternative secure ports like 587 or 465.

  • Windows: Configure mail server settings to require authentication.
  • Linux: Use firewall rules to restrict access to port 25.

Port: 53

Explanation: This port is used for DNS (Domain Name System).

Impact: Open DNS ports can be exploited for DNS amplification attacks.

Mitigation: Secure port 53 by configuring DNS servers to prevent open recursion.

  • Windows: Configure DNS services to only allow trusted networks.
  • Linux: Use sudo ufw allow from trusted_ips to any port 53.

Port: 80

Explanation: This port is used for HTTP (Hypertext Transfer Protocol).

Impact: HTTP traffic is unencrypted, making it susceptible to eavesdropping and man-in-the-middle attacks.

Mitigation: Redirect HTTP traffic to HTTPS (port 443).

  • Windows: Configure web server settings to redirect traffic from port 80 to 443.
  • Linux: Use firewall rules to enforce HTTPS and redirect HTTP traffic.

Port: 110

Explanation: This port is used for POP3 (Post Office Protocol version 3).

Impact: POP3 can transmit email credentials in plain text, making them vulnerable to interception.

Mitigation: Use POP3S (POP3 over SSL) on port 995 instead, or prefer IMAP.

  • Windows: Configure email clients to use POP3S or IMAP.
  • Linux: Use sudo ufw deny 110 to block this port.

Port: 135

Explanation: This port is used for Microsoft RPC (Remote Procedure Call).

Impact: Vulnerabilities in RPC have been exploited in various Windows attacks.

Mitigation: Block this port unless absolutely necessary for your network.

  • Windows: Use Windows Firewall to block port 135 for external connections.
  • Linux: Use sudo ufw deny 135 to block this port.

Port: 139

Explanation: This port is used for NetBIOS Session Service.

Impact: Can be exploited for network enumeration and potential unauthorized access.

Mitigation: Disable NetBIOS over TCP/IP if not needed.

  • Windows: Disable NetBIOS over TCP/IP in network adapter settings.
  • Linux: Use sudo ufw deny 139 to block this port.

Port: 445

Explanation: This port is used for SMB (Server Message Block).

Impact: Vulnerabilities in SMB have been exploited in major ransomware attacks.

Mitigation: Keep systems updated and block this port from external access.

  • Windows: Use Windows Firewall to block port 445 for external connections.
  • Linux: Use sudo ufw deny 445 to block this port.

Port: 1433

Explanation: This port is used for Microsoft SQL Server.

Impact: Attackers can attempt to exploit vulnerabilities or weak credentials in SQL Server.

Mitigation: Restrict access to this port and use strong authentication.

  • Windows: Configure SQL Server to use strong authentication and restrict network access.
  • Linux: Use sudo ufw deny 1433 to block this port if SQL Server is not needed.

Port: 3306

Explanation: This port is used for MySQL database server.

Impact: Attackers can attempt to exploit vulnerabilities or weak credentials in MySQL.

Mitigation: Restrict access to this port and use strong authentication.

  • Windows: Configure MySQL to bind to localhost or use Windows Firewall to restrict access.
  • Linux: Use sudo ufw allow from trusted_ip to any port 3306 to allow only trusted IPs.

Port: 3389

Explanation: This port is used for Remote Desktop Protocol (RDP).

Impact: Attackers can attempt brute-force attacks or exploit RDP vulnerabilities.

Mitigation: Use a VPN for remote access instead of exposing RDP directly.

  • Windows: Use Windows Firewall to restrict RDP access to trusted IP ranges.
  • Linux: Use sudo ufw deny 3389 to block this port if RDP is not needed.
Back to top