Open Ports
The score of digital footprint events is based mostly on the ports open on that address. For more information about the severity of Events in Flare, visit the Understand Event Severity page. Below is a list of ports and their associated risk level:
These ports will generally be scored as Low unless we notice additional factors such as vulnerabilities related to the service version, or expired SSL certificates.
Port 80 is the port number assigned to commonly used internet communication protocol "Hypertext Transfer Protocol" (HTTP). It is the port from which a computer sends and receives web client-based communication and messages from a web server. It is used to send and receive HTML pages or data.
Port 443 is the port number assigned to commonly used internet communication protocol "Hypertext Transfer Protocol Secure" (HTTPS). It is the port from which a computer sends and receives web client-based communication and messages from a web server. It is used to send and receive HTML pages or data. The data transferred using this port and a properly configured and up to date SSL certificate is encrypted.
Port 20 is commonly associated with the File Transfer Protocol (FTP) for data transfer. It is used by the server to send data to the client in active mode, which is one of the data exchange modes in FTP.
Port 21 is typically used for File Transfer Protocol (FTP) control commands and communications. While the actual data transmission during an FTP session is facilitated by Port 20, Port 21 is responsible for sending and receiving command instructions between the client and the server.
Port 22 is the port number commonly used for SSH. We score the SSH port as Medium risk by default. An SSH port that allows password-based authentication would most likely receive a score of Medium.
Port 23 is typically used for the Telnet protocol, which is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.
Port 25 is typically used for the Simple Mail Transfer Protocol (SMTP), which is the standard protocol for sending emails across the internet.
Port 110 is typically designated for the Post Office Protocol (POP3) services. POP3 is used by email clients to retrieve messages from an email server, enabling offline email access.
TCP port 135 is the Remote Procedure Call (RPC) Endpoint Mapper service. It enables other systems to identify what services are available on a machine and on which port they can be found. Essentially it allows a system unfettered access to a target system.
Port 1194 is the official IANA-assigned port number for OpenVPN.
TCP port 1433 is needed to connect to a SQL Server database instance. By default, SQL Server will attempt to use port 1433. If that port is unavailable, it will automatically choose another port.
Port 1434 is typically associated with Microsoft SQL Server, specifically for the SQL Server Resolution Protocol (SSRP). It's used for the SQL Server Browser service, which helps clients locate and connect to specific instances of SQL Server on a network.
Port 2082 is commonly associated with the cPanel web hosting control panel. cPanel is a popular web hosting management software used by many hosting providers. Port 2082 is used for unencrypted HTTP access to the cPanel control panel, allowing users to manage their web hosting accounts, websites, email, and other hosting-related services through a web-based interface. It's worth noting that unencrypted HTTP connections are less secure than HTTPS, so it's recommended to use HTTPS (port 2083) whenever possible for secure access to cPanel.
Port 2083 is used for HTTPS (secure HTTP) access to cPanel, providing a more secure way to interact with the control panel compared to the unencrypted HTTP access on port 2082. When you access cPanel via port 2083, your communication with the server is encrypted, helping to protect sensitive information and login credentials.
Port 2086 is typically used for unencrypted HTTP access to the WHM (Web Host Manager) control panel. WHM is a web hosting control panel commonly used on servers running the cPanel hosting platform. WHM allows server administrators to manage and configure hosting accounts, server settings, and other aspects of the hosting environment.
Like port 2082 for cPanel, port 2086 is used for unencrypted communication, which is less secure compared to HTTPS. It's recommended to use HTTPS (port 2087) whenever possible for secure access to WHM to protect sensitive information and server configurations.
Port 2087 is used for HTTPS (secure HTTP) access to WHM, providing a secure and encrypted way for server administrators to manage and configure hosting accounts, server settings, and other aspects of the hosting environment. Using port 2087 ensures that your communication with the WHM control panel is encrypted, which is important for protecting sensitive server configurations and login credentials. It's the recommended way to access WHM for enhanced security.
Port 2095 is commonly used for unencrypted HTTP access to webmail services on a web server. Port 2095 is often associated with cPanel-based webmail services. However, please note that using unencrypted HTTP (port 2095) for accessing email can pose security risks, as data is transmitted in plain text, potentially exposing sensitive information. It's generally recommended to use HTTPS (port 2096) for secure and encrypted access to webmail to protect your email communications.
Port 2096 is typically associated with secure access to webmail services on a web server. Port 2096 is used for HTTPS (secure HTTP) access to ensure that data transmitted between the user's browser and the webmail server is encrypted and secure. This encryption helps protect sensitive email communications and login credentials from potential eavesdropping or interception by unauthorized parties, making it a more secure way to access webmail compared to unencrypted HTTP (port 2095).
Port 5432 is the default port for PostgreSQL, a powerful open-source relational database management system. It is used for establishing connections to PostgreSQL databases over the network. When applications or clients need to interact with a PostgreSQL database server, they often use port 5432 to establish a connection and perform various database operations.
Port 5601 is commonly associated with Kibana, which is part of the Elastic Stack (formerly known as the ELK Stack). Kibana is a web-based data visualization and exploration tool used for analyzing data stored in Elasticsearch. Port 5601 is the default port for accessing the Kibana web interface. Users can use this port to create, visualize, and interact with data dashboards, perform log and data analysis, and gain insights from their Elasticsearch data.
Port 8443 is often used for secure web communications. It is commonly associated with HTTPS (HTTP Secure) traffic, which is the encrypted version of the standard HTTP protocol used for secure web browsing. Port 8443 is frequently used to provide a secure web interface for various applications and services. It's a standard port for secure web applications, and when you see it in a URL (e.g., https://example.com:8443), it indicates that your communication with the website or application is encrypted for security.
PostgreSQL database default ports should not be open to the internet, if only because ports related to databases can attract unwanted attention from malicious actors.
This port is known to be used by developers when testing or prototyping. It is often opened for a short amount of time, often with an HTTP service running. This port is prone to being left open by mistake.
This port is known to be used by developers when testing or prototyping. It is often opened for a short amount of time, often with an HTTP service running. This port is prone to being left open by mistake.
This port is known to be used by developers when testing or prototyping. It is often opened for a short amount of time, often with an HTTP service running. This port is prone to being left open by mistake.
This port is commonly used by Microsoft Active Directory (AD) services. It attracts the attention of malicious actors, given the potentially very valuable information that might be behind the authentication wall.
RDP ports have been known to be prone to risk when available from the public internet, which is why we score this port as High by default.
The default port for Elasticsearch is very attractive given that it is a database service, and multiple vulnerabilities have been associated over the years not only with this service, but also with other services often used in conjunction with it, such as Kibana.
This port is used by SMB dialects that communicate over NetBIOS. NetBIOS is a protocol used for File and Print Sharing under all current versions of Windows. While this in itself is not a problem, the way that the protocol is implemented can be. There are a number of vulnerabilities associated with leaving this port open.
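The following is an added example, not Flare's scoring logic or code, showing how a team could review its own scan results for the factors this page mentions: plaintext cPanel, WHM and webmail ports, expired certificates on HTTPS ports, and SSH with password authentication. The record keys (`host`, `port`, `cert_not_after`, `ssh_password_auth`) and the sample data are assumptions constructed for illustration.

```python
import ssl
import time

# Plaintext cPanel, WHM and webmail ports mapped to their HTTPS counterparts.
PLAINTEXT_TO_TLS = {2082: 2083, 2086: 2087, 2095: 2096}
TLS_PORTS = {443, 2083, 2087, 2096, 8443}

def review_exposure(services, now=None):
    """Return sorted (host, port, finding) tuples for one scan snapshot.

    Each service is a dict with hypothetical keys: host, port, and optionally
    cert_not_after (OpenSSL notAfter string) and ssh_password_auth (bool).
    """
    now = time.time() if now is None else now
    open_ports = {}
    for svc in services:
        open_ports.setdefault(svc["host"], set()).add(svc["port"])

    findings = []
    for svc in services:
        host, port = svc["host"], svc["port"]
        if port in PLAINTEXT_TO_TLS:
            tls = PLAINTEXT_TO_TLS[port]
            state = "also open" if tls in open_ports[host] else "not open"
            findings.append((host, port, f"plaintext panel, HTTPS port {tls} {state}"))
        not_after = svc.get("cert_not_after")
        if port in TLS_PORTS and not_after:
            if ssl.cert_time_to_seconds(not_after) < now:
                findings.append((host, port, f"certificate expired {not_after}"))
        if port == 22 and svc.get("ssh_password_auth"):
            findings.append((host, port, "SSH accepts password authentication"))
    return sorted(findings)

# Constructed scan snapshot using documentation addresses, not real hosts.
SAMPLE = [
    {"host": "192.0.2.10", "port": 2082},
    {"host": "192.0.2.10", "port": 2083, "cert_not_after": "Jun  1 00:00:00 2026 GMT"},
    {"host": "192.0.2.11", "port": 2086},
    {"host": "192.0.2.11", "port": 22, "ssh_password_auth": True},
    {"host": "192.0.2.12", "port": 8443, "cert_not_after": "Jun  1 00:00:00 2024 GMT"},
    {"host": "192.0.2.12", "port": 22, "ssh_password_auth": False},
]
# Fixed reference time so the sample result is reproducible.
REFERENCE_NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for host, port, finding in review_exposure(SAMPLE, REFERENCE_NOW):
        print(f"{host}:{port}  {finding}")
```

Passing `now` explicitly keeps the expiry check deterministic; in routine use, omit it so the current time is used.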