Regardless of being a red or blue security expert, knowing which are the most commonly hacked ports can save you precious time in scanning and securing those ports or identifying potential port vulnerabilities in a system.
From a networking perspective, there are a total of 65536 TCP ports and the same number of UDP ports in a computer.
The TCP and UDP ports ranging from 0 to 1023 are used for various common services such as HTTP, DNS, FTP, SMTP, and so on. The ports ranging between 1024 to 49151 consist of registered ports and from 49152 to 65535 the ports are allocated dynamically. The full list of TCP and UDP port assignments can be found HERE.
Out of this rather high amount of TCP and UDP ports available in a system, some ports are exploited by attackers more than others.
For your convenience, here are the most commonly hacked ports, including the service and the communication protocol used for each. Remember that quite a few ports in the list below are known to be frequently used by various malware to compromise a system.
|Port Number||Protocol[s]||Port Service|
|20||TCP||FTP [File Transfer Protocol]|
|25||TCP||SMTP [Simple Mail Transfer Protocol]|
|53||UDP||DNS [Domain Name System]|
|69||UDP||TFTP [Trivial File Transfer Protocol]|
|80||UDP||HTTP [Hyptertext Transfer Protocol]|
|110||TCP||POP3 [Post Office Protocol v.3]|
|111||TCP, UDP||SUN.RPC [Remote Procedure Calls]|
|135||TCP, UDP||RDC/DCE [Endpoint Mapper] – Microsoft networks|
|137-139, 445||TCP, UDP||NetBIOS over TCP/IP|
|161||TCP, UDP||SNMP [Simple Network Management Protocol]|
|443||TCP||HTTPS [HTTP over TLS]|
|512-514||TCP||Barkley r-services and r-commands [e.g., rlogin, rsh, rexec]|
|1433||TCP, UDP||Microsoft SQL Server [ms-sql-s]|
|1434||TCP, UDP||Microsoft SQL Monitor [ms-sql-m]|
|1723||TCP||Microsoft PPTP VPN|
|3389||TCP||Windows Terminal Server|
Though the number of commonly hacked ports has constantly grown in the past years, it is important to keep in mind that most attackers are looking first in probing ports 22 [SSH] and 80 [HTTP].
For instance, port 22 [SSH] is a common port constantly probed by hackers on the Internet using brute force attacks. It is paramount to set a long and complex password for your SSH otherwise your private key can be hacked quite quickly using a brute force attack tool such as Hydra.
Port 80 [HTTP] and 443 [HTTPS] are also commonly probed for vulnerabilities. Here a range of exploits can be used to compromise a system such as SQL injection, Shellshock/CGI, or PHP. Often ports 80 and 443 are used to compromise CMS systems such as Joomla, WordPress, Drupal, etc.
It is important to add that hackers cannot simply open ports on your system. Attackers usually use various techniques to compromise a system, such as:
- Hacking vulnerable ports, for instance, ports with services that are not up-to-date.
- Trojans downloaded from the Internet and used to open back-doors in a system. The attacker then installs a rootkit to access the system even if the admin consequently changes the password.
- Passive reconnaissance and tools such as theHarvester that generates lists of potential passwords used in brute force attacks.
NOTE: these hacking techniques will only work if a system is not protected by a firewall or if the firewall is not configured correctly.
Various tools can be used to scan the most commonly hacked ports for vulnerabilities. Some of the most notable tools are NMAP, Angry IP Scan, Unicornscan, or Zenmap [NMAP with a GUI].
Checking your servers or websites constantly for vulnerabilities should be routine if you really value your data.
Kali Linux – a free Debian-based Linux distribution contains a large array of tools used to scan and exploit systems and is frequently used by penetration testers, digital forensics as well as gray and black-hat hackers for malicious purposes.
You can use NMAP to scan any port [TCP/UDP] including the most commonly hacked ports on your machine and see if your system is at risk of being compromised by hackers.