List of known TCP ports 2
List of known TCP ports - Part 1
Here is a list of known TCP ports and their default service assignments, and information about the availability of these ports and services on Windows computers:
TCP Port 135 - Location service. TCP port 135 is used by RPC (Remote Procedure Call) and provides location services for the dynamically assigned ports used for RPC calls under Windows. An attacker can therefore use this port to locate Windows services and the ports they are currently mapped to. This TCP port is useful in a Windows network and should be visible to other computers in your local network, but it must be blocked for computers attempting to access your local network and/or computer via the Internet. Configure your firewall to block access to TCP port 135 from the Internet.
TCP port 139 is used by the NetBIOS service, a network service that is part of Windows networking and is used for file and printer sharing. TCP port 139 should be open for computers within your local network, but it must be blocked from access via the Internet. Configure your firewall to block this port from outside access: TCP port 139 can be a serious security risk, because NetBIOS can reveal information such as your computer name, workgroup and user name, and it can also be used by an attacker to transfer files to and from your computer. It is therefore very important to have TCP port 139 blocked for Internet access. If you have only one computer, and so are not running File and Printer Sharing under a local Windows network, you should also disable the NetBIOS service on your computer for improved security.
TCP port 143 is used by IMAP - Internet Message Access Protocol, an advanced protocol for email retrieval and delivery that is an improved alternative to the POP3 protocol and runs together with the SMTP service in mail servers. If you are not running an IMAP server on your computer, this port should not be open.
TCP port 443 is used for HTTPS - HTTP via TLS/SSL, a protocol that provides secure authentication and web page transfers between browser clients and World Wide Web servers. This port should not be open on your computer, unless you are running a Web server that provides secure socket capabilities for incoming web page requests.
TCP port 445 is one of the most dangerous ports that you need to block from being accessed via the Internet. This port is responsible for Windows NT / 2000 Server Message Block (SMB) services, which an attacker can use in various ways, including retrieving your user accounts and passwords and acquiring full control over your computer.
TCP port 1080 is responsible for the SOCKS service, a proxy-type service that lets computers access the Internet via a proxy/firewall, so that multiple computers can access the Internet on a single IP address – also known as Internet connection sharing. This port must be accessible only to computers in the local network, and it should not be accessible for inbound traffic from the Internet, as there are many cases where an improperly configured proxy server would allow attackers to get into your local network past the firewall. You should block this port from being accessed via the Internet.
TCP Port 1723 is used by PPTP (Point-to-Point Tunneling Protocol). Unless you are using virtual private networking connections, you should not leave this port open.
TCP Port 3389 is used by RDP – Remote Desktop Protocol, a protocol used in Windows computers for remote access. An attacker who has acquired your user name and password can use this port to take full control over your machine and access your desktop, in much the same way as logging on to a local computer. Unless you need to control your computer from the Internet while you are away from its location, using RDP services like Terminal Services or Remote Desktop in Windows XP, you should block this port from being accessed from the Internet.
TCP Port 5000 - UPnP (Universal Plug and Play). This port is used to communicate with UPnP devices that may be available within your network. This port can be regarded as a security risk, so you should block this port as well from being accessed over the Internet.
TCP Port 5631 is used by pcAnywhere, a remote desktop control and file transfer application. If you do not want to use pcAnywhere to access your computer from other locations, you should block this port. As a note, pcAnywhere also utilizes UDP port 5632 for data transfers.
TCP Port 5900 is used by VNC – a remote desktop utility that can be used to remotely control a Windows machine and access the desktop directly via the Internet. This application, although it is not a trojan or virus, can be detected as a security risk by antivirus programs and adware/spyware detection software, as it is sometimes used by attackers to remotely control a compromised machine. Unless you are using VNC for remotely accessing your computer via the Internet, you should block this port. As a note, VNC also makes use of the UDP port 5800 for data transfers.
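To check a Windows machine against this list, the following added example (not part of the original page) parses `netstat -ano -p tcp` output and reports which of the ports above have a listener, and whether that listener is bound to loopback only or to a network interface that the firewall must cover. The netstat sample is constructed, and the function names are hypothetical.

```python
import ipaddress

# Ports and services as listed on this page.
PAGE_PORTS = {
    135: "RPC location service", 139: "NetBIOS", 143: "IMAP", 443: "HTTPS",
    445: "SMB", 1080: "SOCKS", 1723: "PPTP", 3389: "RDP", 5000: "UPnP",
    5631: "pcAnywhere", 5900: "VNC",
}

# Constructed sample of `netstat -ano -p tcp` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     2044
  TCP    [::]:3389              [::]:0                 LISTENING       1100
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       5000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def audit_listeners(netstat_text, ports=PAGE_PORTS):
    """Return one finding per listening socket on a port from the page's list."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only rows of the form: TCP <local> <foreign> LISTENING <pid>
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if port not in ports:
            continue
        if addr.is_loopback:
            scope = "loopback only"       # not reachable from other hosts
        elif addr.is_unspecified:
            scope = "all interfaces"      # 0.0.0.0 or [::]
        else:
            scope = "interface " + str(addr)
        findings.append({"port": port, "service": ports[port],
                         "scope": scope, "pid": int(fields[4]),
                         "needs_firewall_review": not addr.is_loopback})
    return sorted(findings, key=lambda f: f["port"])
```

On a real machine, pass the captured text of `netstat -ano -p tcp` to `audit_listeners`; every finding with `needs_firewall_review` set is a port from the list above that relies on the firewall to stay unreachable from the Internet.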
This information is provided without any warranties of any kind. Use it at your own risk.
