Ports are a fundamental part of the internet’s communication model. All communication on the internet is exchanged via ports. Every IP address contains two kinds of ports, TCP and UDP ports, and there can be up to 65,535 of each for any given IP address.
Any service that uses the internet (web pages, web browsers and file transfer services) rely on specific ports to receive and transmit information. Developers use SSH or file transfer protocols (FTPs) to run encrypted tunnels across computers to share information between hosts. Once one service is running on a port, you can’t run another service on it.
What is an open port?
The term open port refers to a UDP or TCP port number that is configured to accept packets. On the flip side, a port that ignores all packets or rejects connections is a closed port. Open ports can become extremely dangerous when exploited by malicious services or security vulnerabilities once introduced to a system via social engineering or malware.
What ports do hackers use?
Hackers do not have a preference for which ports they use. They will use port scans to identify ports to open. Commonly targeted ports include widely used programs by network teams for remote administration, web applications, file transfer services, conferencing software and common remote connectivity.
By closing unused ports, your security risk is dramatically reduced and will decrease the number of attack vectors your business is exposed to. With that in mind, let’s take a closer look at how to identify an open port and how to prevent vulnerabilities from being exploited.
Why do cyber criminals scan for open ports?
Are open ports safe?
Open ports aren’t unsafe by default, but it’s what you do with the open ports at a system level, and what services and apps are exposed on those ports, that make them susceptible to hackers. Closed ports, when necessary, reduce your attack surface.
Cybercriminals use open ports to gain unauthorised access to sensitive data. Open ports cause a significant cybersecurity risk.
Malicious actors use open ports to find possible exploits. To run an exploit, the hacker must find a vulnerability (read more about vulnerability management tools). To find a vulnerability, the malicious actor must fingerprint the services that run on a machine, including the protocols it uses and which programs (and the version) implement them.
To conduct the above, malicious actors normally rely on finding a publicly accessible port via port scanning. Nmap, for example, will fingerprint and report applications and software found running on a server, often with version information. Older versions may already have publicly known vulnerabilities listed on CVE, which software such as metasploit can attack.
Commonly used ports
Below are two of the most commonly used ports. Let’s take a closer look at what they are and how they could affect your business.
Port numbers 0 to 1023 are reserved for common TCP/IP applications, known as well-known ports. Well-known ports allow client applications to locate the corresponding server application processes on other hosts.
Dynamic/private ports are assigned to a service or process at the time the port is needed, usually when starting. When assigning private ports, the OS can use any ports available from the ports designated for this purpose.
What is port forwarding?
Port forwarding, also known as port mapping, is an application of network address translation that redirects a communication request from a port number and one address combination to another while the packets are traversing a network gateway, such as a firewall or router.
Port forwarding occurs by creating an association between a private, local area network (LAN) IP address and a router’s public, wide area network (WAN) internet protocol (IP) address for a device “attached” to the private network.
Tools to check for open ports
There are a number of tools available to check for open ports and to protect your sensitive resources. Below, we have listed five free open port checkers that you can use to better protect your business and to pinpoint ports you should close.
Nmap (Network Mapper) is the best free open-source port scanning tool. Nmap offers an array of different port scanning techniques including TCP half-open scans.
Wireshark is a free network sniffing tool used to detect malicious activity in network traffic. Wireshark can also be used to detect open ports.
Angry IP Scanner
Angry IP scanner offers a wide range of network monitoring tools. It can be used to effectively detect open ports.
NetCat uses the TCP/IP protocol across different connections. It is an effective tool for detecting open ports.
Advanced IP scanner
Advanced IP scanner is a windows solution that can analyse ports and IP addresses. It is one of the best free services currently available.
10 common open ports
Any port can be targeted by cybercriminals, but some are more susceptible to attack than others. Let’s take a closer look at the ten most common open ports.
FTP (File Transfer Protocol) is used to transfer files across the internet.
SSH (Secure Shell) carries out the task of remotely connecting to a host or server, allowing you to move files and execute a number of commands.
Telnet establishes a connection between a remote computer and a server.
SMTP (Simple Mail Transfer Protocol) ensures email messages are communicated securely over a network.
WHOIS is used to obtain the registration of ownership of IP addresses and domain names.
DNS (Domain Name System) uses relational databases to link the hostnames of networks or computers to their respective IP addresses.
DHCP (67, 68)
DHCP (Dynamic Host Configuration Protocol) automatically assigns IP address information to clients on a network.
TFTP (Trivial File Transfer Protocol) is a lockstep File Transfer Protocol that allows a client to put a file onto or get a file from a remote host.
HTTP (80) is assigned to web servers and directly associated with the Hypertext Transfer Protocol.
HTTP (8080) is an alternate port for HTTP.
How can an open port affect your business?
Open ports not only provide significant cybersecurity risks, but they can also impact the confidentiality, integrity, and availability of your business. Let’s take a closer look.
Confidentiality: Open ports, and the programs associated with them, can reveal information about the network or system architecture. They can leak software versions, banners, content, and the existence and type of the system itself.
Integrity: Software can open any candidate port and immediately communicate unhindered without open port controls. This only underlines the need to bolster cybersecurity measures within your business.
Availability: The services running on both open ports and your network still process incoming traffic, even if the requests are invalid. This can result in denial of service attacks (DoS attacks).
How to manage open ports
Open ports, unpatched systems, misconfigured software, and other vulnerabilities can be hidden in shadow IT, the cloud, and more. Businesses must utilise tools that can automatically identify areas of cyber exposure so they can be tackled in a focused effort.
RiskXchange provides a powerful AI-assisted, yet simple automated and centralised 360-degree cybersecurity risk rating management approach. We generate objective and quantitative reporting on a company’s cyber security risk and performance, which enables organisations with evolving business requirements to conduct business securely in today’s digital age.
RiskXchange states that the best way to understand and manage open ports is to determine what makes a port risky so that it can be secured. Let’s take a closer look at the four stages of how best to manage open ports.
1. Identify open ports
The first step to securing risky ports is to scan your IT stack, including any network-connected devices and applications, to determine what ports are open and whether the configurations are appropriate.
2. Understand port usage
Most businesses do not need to have every port open. Scanning tools will be able to detect open ports and supply information about whether they are being used.
3. Pinpoint what services use ports
Different services will connect to different ports. It’s important to pinpoint what protocols or processes are using the port. If your system admin finds a protocol or process that they do not recognise, it could signal a security vulnerability.
4. Close the riskiest ports
By checking the Internet Assigned Number Authority (IANA) and/or the SANS Intrusion Detection FAQ, information will be provided about what services use which ports and which ports cybercriminals target. It will then be easier for you to secure risky ports while leaving the ones necessary still functional.
Get in touch with RiskXchange to find out more about how to secure open ports and how to prevent vulnerabilities from being exploited.