Port Scanner Info

File Transfer Protocol - data transfer channel

Unencrypted data transfer. Use SFTP (port 22) or FTPS (port 990) instead.

File Transfer Protocol - command/control channel

Credentials sent in plaintext. Use SFTP or FTPS for secure file transfer.

Secure Shell - encrypted remote login and file transfer

Encrypted protocol. Use key-based authentication and disable root login.

Unencrypted remote terminal access

Completely unencrypted. Never use - replace with SSH (port 22).

Simple Mail Transfer Protocol - email sending

Often used unencrypted. Use port 587 with STARTTLS or port 465 with TLS.

WHOIS domain registration lookup

Read-only protocol. Be aware of data returned in queries.

Domain Name System - name resolution

Queries are typically unencrypted. Consider DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT).

Dynamic Host Configuration Protocol - server side

Vulnerable to rogue DHCP server attacks. Use DHCP snooping on managed switches.

Dynamic Host Configuration Protocol - client side

Client-side DHCP. Ensure network is trusted.

Trivial File Transfer Protocol - simple file transfer

No authentication or encryption. Only use on isolated/trusted networks.

Hypertext Transfer Protocol - unencrypted web traffic

Unencrypted web traffic. Always redirect to HTTPS (port 443).

Kerberos authentication system

Strong authentication protocol. Keep implementation patched and updated.

Post Office Protocol v3 - email retrieval

Passwords sent in plaintext. Use POP3S (port 995) with TLS.

Network News Transfer Protocol - Usenet

Generally unencrypted. Use NNTPS (port 563) if needed.

Network Time Protocol - time synchronization

Can be exploited for DDoS amplification. Use NTS (Network Time Security) where possible.

Microsoft Remote Procedure Call

Common target for worms. Block from external access with firewall.

NetBIOS Name Service

Can leak system information. Block from external networks.

NetBIOS Datagram Service

Can be exploited for information gathering. Block externally.

NetBIOS Session Service - Windows file sharing

Major attack vector. Block from internet. Use port 445 with SMBv3 instead.

Internet Message Access Protocol - email retrieval

Can be unencrypted. Always use IMAPS (port 993) with TLS.

Simple Network Management Protocol

SNMPv1/v2c use community strings (plaintext). Use SNMPv3 with authentication.

SNMP Trap messages

Same concerns as SNMP. Use SNMPv3 for trap receivers.

Border Gateway Protocol - internet routing

Critical infrastructure protocol. Use MD5 authentication and RPKI.

Internet Relay Chat

Typically unencrypted. Use IRC with TLS (port 6697) if needed.

Lightweight Directory Access Protocol

Often unencrypted. Use LDAPS (port 636) or STARTTLS.

HTTP Secure - encrypted web traffic

Standard for secure web traffic. Use TLS 1.2+ and strong cipher suites.

Server Message Block - Windows file/printer sharing

Target of many exploits (WannaCry, EternalBlue). Use SMBv3, block from internet.

SMTP over TLS - secure email sending

Implicit TLS for SMTP. Preferred for secure email submission.

System logging protocol

Unencrypted and unauthenticated. Use Syslog over TLS (port 6514).

Line Printer Daemon - printing

Legacy printing protocol. Use IPP (port 631) with TLS instead.

Kerberos login

Largely deprecated. Use SSH with Kerberos authentication.

Kerberos remote shell

Largely deprecated. Use SSH instead.

Apple Filing Protocol - macOS file sharing

Deprecated by Apple in favor of SMB. Migrate to SMBv3.

Real Time Streaming Protocol

Often unencrypted. Use RTSPS where possible. Common in IP cameras.

Email submission with STARTTLS

Standard port for authenticated email submission with STARTTLS.

Internet Printing Protocol - CUPS

Restrict access to trusted networks. Enable TLS for IPPS.

LDAP over TLS/SSL

Encrypted LDAP. Preferred over plain LDAP (port 389).

Remote file synchronization

Can be unencrypted. Run rsync over SSH for encryption.

IMAP over TLS/SSL - secure email retrieval

Encrypted IMAP. Always use this instead of plain IMAP (port 143).

POP3 over TLS/SSL - secure email retrieval

Encrypted POP3. Always use this instead of plain POP3 (port 110).

SOCKS proxy protocol

Ensure authentication is required. Can be abused as open proxy.

OpenVPN - VPN tunnel

Well-regarded VPN solution. Use strong ciphers and certificate authentication.

Microsoft SQL Server database

Never expose to internet. Use encrypted connections and strong authentication.

Microsoft SQL Server Browser Service

Can reveal SQL instances. Disable if not needed or block externally.

Oracle Database default listener

Never expose to internet. Use Oracle Net encryption.

Point-to-Point Tunneling Protocol - VPN

Known cryptographic weaknesses. Use OpenVPN or WireGuard instead.

Network File System

Use NFSv4 with Kerberos authentication. Never expose to internet.

cPanel web hosting control panel (HTTP)

Unencrypted. Use port 2083 (HTTPS) instead.

cPanel web hosting control panel (HTTPS)

Encrypted cPanel access. Restrict to admin IPs.

MySQL / MariaDB database server

Never expose to internet. Use SSL/TLS connections and strong passwords.

Remote Desktop Protocol - Windows remote access

Major ransomware target. Use VPN + NLA + MFA. Never expose directly to internet.

Session Traversal Utilities for NAT

Used for WebRTC. Ensure proper authentication on TURN servers.

Alternative HTTPS / Pharos Notify

Often used as alternative HTTPS port. Verify what service is running.

Session Initiation Protocol - VoIP signaling

Unencrypted SIP. Use SIPS (port 5061) with TLS.

SIP over TLS - secure VoIP signaling

Encrypted SIP. Preferred for VoIP deployments.

PostgreSQL database server

Never expose to internet. Use SSL, strong passwords, and pg_hba.conf.

Advanced Message Queuing Protocol (RabbitMQ)

Use AMQPS (port 5671) for encrypted connections.

Virtual Network Computing - remote desktop

Weak encryption. Always tunnel through SSH or VPN.

Apache CouchDB database

Requires authentication configuration. Never expose without auth.

Redis in-memory data store

No authentication by default. Enable AUTH, rename dangerous commands, bind to localhost.

Kubernetes API server

Critical infrastructure endpoint. Use RBAC, network policies, and audit logging.

Internet Relay Chat with encryption

Encrypted IRC. Preferred over plain IRC (port 194).

HTTP alternative / proxy server / development

Common for proxies and dev servers. Not inherently secure - add TLS if production.

HTTPS alternative / Tomcat SSL

Common alternative HTTPS port. Ensure proper TLS configuration.

Alternative HTTP / Jupyter Notebook

Common for development. Secure Jupyter with password and HTTPS.

Prometheus monitoring / Cockpit

Restrict access to internal networks. Exposes system metrics.

Elasticsearch REST API

No auth by default. Enable X-Pack security. Never expose to internet.

Elasticsearch inter-node communication

Internal communication port. Block from external access.

Git protocol (unencrypted)

No authentication or encryption. Use SSH (port 22) or HTTPS (port 443) for Git.

Memcached distributed caching

No authentication. Bind to localhost only. UDP can be exploited for DDoS.

MongoDB NoSQL database

Enable authentication (disabled by default). Never expose to internet without auth.

MongoDB shard server

Internal MongoDB port. Restrict to cluster network.

MongoDB config server

Internal MongoDB port. Restrict to cluster network.

MySQL X Protocol / Document Store

MySQL extended protocol. Same security practices as port 3306.

WireGuard VPN

Modern, fast VPN with strong cryptography. Keep keys secure.