In cybersecurity, the term open port refers to a TCP or UDP port number that is configured to accept packets. In contrast, a port that rejects connections or ignores all packets is a closed port.
Ports are an integral part of the Internet communication model. All communication over the Internet is exchanged through ports. Each IP address contains two types of ports, UDP and TCP ports, and there are up to 65,535 of each for any given IP address.
Internet-dependent services (such as web browsers, web pages, and file transfer services) rely on specific ports to receive and transmit information. Developers use file transfer protocols (FTP) or SSH to run encrypted tunnels through computers to share information between hosts.
Once a service runs on a particular port, it cannot run other services on it. For example, starting Apache after you have started Nginx on port 80 will cause a failed operation because the port is already in use.
Open ports
become dangerous when legitimate services are exploited through security vulnerabilities or malicious services are introduced into a system through malware or social engineering, cybercriminals can use these services along with open ports to gain unauthorized access to sensitive data.
Closing unused ports reduces security risk by reducing the number of attack vectors your organization is exposed to.
5 Free
Open Port Check Tools There
are free tools available that can
help you identify if your sensitive resources are exposed through open ports
.
Listed below are 5 free open port testers and scanners that you can start using today
.
1
. Nmap
Nmap (short for Network Mapper) is one of the most popular free open source port scanning tools available. It offers many different port scanning techniques, including semi-open TCP scans.
Download
Nmap
Nmap can be downloaded for free by clicking here
.
2
. Wireshark
Wireshark is a free network sniffing tool that is used to detect malicious activity in network traffic. This tool can also be used to detect open ports.
Download
Wireshark
Wireshark can be downloaded for free by clicking here
.
3.
Angry IP Scanner
Angry IP scanner is a free network scanner that offers a set of network monitoring tools.
Download Angry IP Scanner
Angry IP Scanner
can be downloaded for free by clicking here
.
4
. NetCat NetCat
is a free port scanning tool that uses the TCP/IP protocol over different connections
.
Download
NetCat
NetCat can be downloaded for free by clicking here
.
5.
Advanced IP Scanner
The Advanced IP Scanner is a Windows solution that can scan IP addresses and ports.
Download Advanced IP Scanner
Advanced IP Scanner
can be downloaded for free by clicking here
. Are open ports dangerous? There is a common misconception that an
open
port is dangerous. This is largely due to a lack of understanding of how open ports work, why they are open, and which should not be open.
A quick Google search will produce hundreds of pages suggesting you should close open ports. And this advice is often appropriate, but it is not entirely accurate to say that an open port is dangerous.
As described above, open ports are required to communicate over the Internet
.
Open ports can be dangerous when the service listening on the port is misconfigured, unpatched, vulnerable to exploits, or has poor network security rules. Of particular danger are worm ports that are open by default on some operating systems, such as the SMB protocol that was exploited by a zero-day exploit called EternalBlue that resulted in the WannaCry ransomware worm.
Open ports
aren’t dangerous by default, but it’s what you do with open ports at the system level, and what services and applications are exposed on those ports, which should prompt people to label them as dangerous or not
.
The reason people ask for closed ports is because fewer open ports reduces the attack surface.
Why do attackers look for open ports?
Attackers use open ports to find potential exploits. To run a vulnerability, an attacker must find a vulnerability.
To
find a vulnerability, the attacker needs to take a fingerprint of all services running on a machine, including the protocols it uses, which programs implement them, and, ideally, the versions of those programs
.
To do this, attackers commonly rely on finding a publicly accessible port through port scanning.
For example, nmap will take fingerprints and report software and applications running on a server, sometimes with version information. Outdated versions may have publicly known vulnerabilities (such as those listed in CVE), which can be targeted by software such as metasploit.
What are common open ports?
There are many port scanners, some built for specific tasks, others included in continuous security monitoring tools. No matter how you use them, understand that port scanning is a must for discovering open ports.
In addition, different operating systems will also have a number of default ports open. Windows, OS X, and Linux run different main daemons, so an open port on one could be closed on another.
The most common ports are:
FTP
(21)
FTP or File Transfer Protocol is used to transfer files over the Internet.
SSH (22) SSH
or
Secure Shell performs the task of remotely connecting to a server or host, allowing you to execute a series of commands and move files. Telnet (23)
Telnet establishes a connection between a server and a remote computer.
SMTP
(25)
SMTP or Simple Mail Transfer Protocol ensures that e-mail messages communicate over the network securely.
WHOIS (43) Used to obtain ownership record of domain names and IP addresses
DNS (53)
DNS or Domain Name System uses relational databases to link the host names of computers or networks to their respective
IP addresses.
DHCP
(67, 68)
DHCP or Dynamic Host Configuration Protocol automatically assigns IP address-related information to clients on a network. This information can be composed of subnet mask, IP address, etc. Port 67 performs the task of accepting DHCP address requests and sending data to the server, while port 68 responds to all DHCP requests and forwards the data to the client.
TFTP (69)
TFTP or Trivial File Transfer Protocol is a simple file transfer protocol that allows a client to obtain a file or place it on a remote host. One of its main uses is in the early stages of nodes booting from a local area network.
HTTP (80
)
Assigned to web servers and directly associated with Hypertext Transfer Protocol. POP3 (110) E-mail clients use POP3 or the Post Office Protocol to retrieve data from remote e-mail servers. SFTP (115)
SFTP, or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works similarly over a secure connection IMAP (143) IMAP or Internet Message Access Protocol retrieves emails from a remote server without downloading the email. SNMP (161)
SNMP or Simple Network Management Protocol is used to collect and organize information about managed devices on IP networks and to modify that information to change the behavior of the device.
HTTPS (443
)
Allows you to connect to the Internet by establishing a secure connection between web pages and your browser. LPD (515) LPD or Line Printer Daemon Protocol is a network printing protocol for sending jobs to a remote printer. rsync (873)
RYSNC is used to transfer and synchronize files between a computer and an external hard drive, and between networked computers by comparing modification times and file sizes.
IMAP SSL (993) IMAP protocol that supports SSL encryption. POP3 SSL (
955
)
A POP3 protocol that supports SSL encryption. SOCKS (1080) SOCKS or SOCKet Secure is an Internet protocol that exchanges network packets between a client and a server through a proxy server. Proxy (3128)
Currently the port is often used by proxies.
MySQL (3306) Used by MySQL databases. RDP (
3389
)
RDP or Remote Desktop Protocol establishes a connection to a remote computer, allowing you to access it from anywhere in the world. PostgreSQL (5432) Used by PostgreSQL databases. VNC (5900)
A graphical desktop sharing system that uses the Remote Frame Buffer (RFB) protocol to remotely control another computer.
TeamViewer (5938)
A proprietary software application for remote control, desktop sharing, online meetings, web conferencing, and file transfer between computers.
HTTP
(8080)
An alternate port for HTTP.
How do open ports affect confidentiality, integrity, and availability?
Open ports can
affect the confidentiality, integrity, and availability of your organization
:
- Confidentiality: Open ports, and the programs that listen and respond to them, can reveal information about the system or network architecture. They can filter banners, software versions, content, the existence of the system itself, and what kind of system it is.
- Integrity: Without open port controls, the software can open any candidate port and immediately communicate without hindrance. This is often relied upon for legitimate programs as well as different types of malware.
- Availability: The network and services running on open ports continue to process incoming traffic, even if the requests are invalid. This can result in denial of service attacks.
How can I monitor my open ports?
In a small network with relatively few IP addresses, finding and closing open ports is not a huge task. However, as you probably know, on larger networks with a stream of content from new devices, monitoring and managing open ports can be time-consuming.
In addition to the ports themselves, the underlying services that
use those ports should also be monitored
.
The good news is that these open ports and services face the public internet, so they can be scanned by continuous monitoring technology like UpGuard’s security ratings platform.
Our platform explicitly verifies nearly 200 services running on thousands of ports and reports on any services we can’t identify, as well as any open ports with no services detected.