Open Ports

the score of digital footprint events is based mostly on the ports open on that address for more information about the severity of events in flare, visit the understand event severity page below is a list of ports and their associated risk level "info" risk score these ports will generally be scored as low unless we notice additional factors such as vulnerabilities related to the service version, or expired ssl certificates 80 port 80 is the port number assigned to commonly used internet communication protocol "hypertext transfer protocol" (http) it is the port from which a computer sends and receives web client based communication and messages from a web server it is used to send and receive html pages or data 443 port 443 is the port number assigned to commonly used internet communication protocol "hypertext transfer protocol secure" (https) it is the port from which a computer sends and receives web client based communication and messages from a web server it is used to send and receive html pages or data the data transferred using this port and a properly configured and up to date ssl certificate is encrypted "low" risk score 20 port 20 is commonly associated with the file transfer protocol (ftp) for data transfer it is used by the server to send data to the client in active mode, which is one of the data exchange modes in ftp 21 port 21 is typically used for file transfer protocol (ftp) control commands and communications while the actual data transmission during a ftp session is facilitated by port 20, port 21 is responsible for sending and receiving command instructions between the client and the server 22 port 22 is the port number commonly used for ssh we score the ssh port as medium risk by default an ssh port that has a password based authentication would most likely receive a score of medium 23 port 23 is typically used for the telnet protocol, which is a network protocol used on the internet or local area networks to provide a bidirectional interactive text oriented communication facility using a virtual terminal connection 25 port 25 is typically used for the simple mail transfer protocol (smtp), which is the standard protocol for sending emails across the internet 110 port 110 is typically designated for the post office protocol (pop3) services pop3 is used by email clients to retrieve messages from an email server, enabling offline email access 135 tcp port 135 is the remote procedure call (rpc) endpoint mapper service it enables other systems to identify what services are available on a machine and on which port they can be found essentially it allows a system unfettered access to a target system 1194 port 1194 is openvpn’s official iana number and is assigned to it by openvpn 1433 port 1433 for tcp is needed to connect to the sql database instance by default, sql will attempt to use 1433 if that port is unavailable, it will automatically choose another port 1434 port 1434 is typically associated with microsoft sql server, specifically for the sql server resolution protocol (ssrp) it's used for the sql server browser service, which helps clients locate and connect to specific instances of sql server on a network 2082 port 2082 is commonly associated with the cpanel web hosting control panel cpanel is a popular web hosting management software used by many hosting providers port 2082 is used for unencrypted http access to the cpanel control panel, allowing users to manage their web hosting accounts, websites, email, and other hosting related services through a web based interface it's worth noting that unencrypted http connections are less secure than https, so it's recommended to use https (port 2083) whenever possible for secure access to cpanel 2083 port 2083 is used for https (secure http) access to cpanel, providing a more secure way to interact with the control panel compared to the unencrypted http access on port 2082 when you access cpanel via port 2083, your communication with the server is encrypted, helping to protect sensitive information and login credentials 2086 port 2086 is typically used for unencrypted http access to the whm (web host manager) control panel whm is a web hosting control panel commonly used on servers running the cpanel hosting platform whm allows server administrators to manage and configure hosting accounts, server settings, and other aspects of the hosting environment like port 2082 for cpanel, port 2086 is used for unencrypted communication, which is less secure compared to https it's recommended to use https (port 2087) whenever possible for secure access to whm to protect sensitive information and server configurations 2087 port 2087 is used for https (secure http) access to whm, providing a secure and encrypted way for server administrators to manage and configure hosting accounts, server settings, and other aspects of the hosting environment using port 2087 ensures that your communication with the whm control panel is encrypted, which is important for protecting sensitive server configurations and login credentials it's the recommended way to access whm for enhanced security 2095 port 2095 is commonly used for unencrypted http access to webmail services on a web server port 2095 is often associated with cpanel based webmail services however, please note that using unencrypted http (port 2095) for accessing email can pose security risks, as data is transmitted in plain text, potentially exposing sensitive information it's generally recommended to use https (port 2096) for secure and encrypted access to webmail to protect your email communications 2096 port 2096 is typically associated with secure access to webmail services on a web server port 2096 is used for https (secure http) access to ensure that data transmitted between the user's browser and the webmail server is encrypted and secure this encryption helps protect sensitive email communications and login credentials from potential eavesdropping or interception by unauthorized parties, making it a more secure way to access webmail compared to unencrypted http (port 2095) 5432 port 5432 is the default port for postgresql, a powerful open source relational database management system it is used for establishing connections to postgresql databases over the network when applications or clients need to interact with a postgresql database server, they often use port 5432 to establish a connection and perform various database operations 5601 port 5601 is commonly associated with kibana, which is part of the elastic stack (formerly known as the elk stack) kibana is a web based data visualization and exploration tool used for analyzing data stored in elasticsearch port 5601 is the default port for accessing the kibana web interface users can use this port to create, visualize, and interact with data dashboards, perform log and data analysis, and gain insights from their elasticsearch data 8443 port 8443 is often used for secure web communications it is commonly associated with https (http secure) traffic, which is the encrypted version of the standard http protocol used for secure web browsing port 8443 is frequently used to provide a secure web interface for various applications and services it's a standard port for secure web applications, and when you see it in a url (e g , https //example com 8443), it indicates that your communication with the website or application is encrypted for security "medium" risk score 5432 postgresql database default ports should not be open to the internet, if only because ports related to databases can attract unwanted attention from malicious actors 8080 this port is known to be used by developers when testing or prototyping it is often opened for a short amount of time, often with an http service running this port is prone to being left open by mistake 8081 this port is known to be used by developers when testing or prototyping it is often opened for a short amount of time, often with an http service running this port is prone to being left open by mistake 8888 this port is known to be used by developers when testing or prototyping it is often opened for a short amount of time, often with an http service running this port is prone to being left open by mistake "high" risk score 445 this port is commonly used by microsoft active directory (ad) services it attracts the attention of malicious actors, given the potentially very valuable information that might be behind the authentication wall 3389 rdp ports have been known to be prone to risk when available from the public internet, which is why we score this port as high by default 9200 the default port for elasticsearch is very attractive given it is a database service, and multiple vulnerabilities have been associated over the years not only to this service, but other services often used in conjunction such as kibana 139 this port is used by smb dialects that communicate over netbios netbios is a protocol used for file and print sharing under all current versions of windows while this in itself is not a problem, the way that the protocol is implemented can be there are a number of vulnerabilities associated with leaving this port open related articles