21 | FTP File Transfer Protocol | Allows anonymous upload, download, brute force, and sniffing operations |
22 | SSH Remote Connection | Brute force, SSH tunneling and intranet proxy forwarding, file transfer |
23 | Telnet Remote Connection | Brute force, sniffing, weak passwords |
25 | SMTP Mail Service | Email spoofing |
53 | DNS Domain Name Server | Allows zone transfer, DNS hijacking, cache poisoning, deception, CVE-2020-1350 |
67, 68 | DHCP Service | Hijacking, deception |
69 | TFTP Trivial File Transfer Protocol | Allows anonymous upload, download, brute force, and sniffing operations |
80 | Common web service port | Web attacks, brute force, corresponding server version vulnerabilities |
80-89 | Application server port | Corresponding server version vulnerabilities |
110 | POP3 Protocol | Sniffing, brute force |
111 | NFS | Improper permission configuration |
137-138 | NetBIOS | Scanning, man-in-the-middle attacks |
139 | SAMBA Service | Brute force, unauthorized access, remote code execution |
143 | IMAP Protocol | Brute force |
161 | SNMP Protocol | Brute force, collecting target intranet information |
389 | LDAP Directory Access Protocol | Injection, allows anonymous access, weak passwords |
443 | Common web port | Web attacks, brute force, corresponding server version vulnerabilities |
445 | Microsoft-DS, for sharing open | Code execution, ms06-040, 0796, etc. |
512/513/514 | Linux rexec service | Brute force, remote login |
873 | rsync service | Anonymous access, file upload |
1194 | openvpn | Phishing VPN accounts, enter intranet |
1352 | Lotus Domino Mail Service | Weak passwords, information leakage, brute force |
1433 | MSSQL Database | Injection, privilege escalation, SA weak password, brute force |
1521 | Oracle Database | TNS brute force, injection, reverse shell |
2049 | NFS Service | Improper configuration |
2181 | ZooKeeper Service | Unauthorized access |
2375 | Docker | Unauthorized access |
3000 | Grafana | Weak passwords |
3306 | Mysql Database | Injection, privilege escalation, brute force |
3389 | RDP Remote Port Connection | Shift backdoor, brute force, ms12-020, CVE-2019-0708 |
3690 | SVN Service | SVN leakage, unauthorized access |
4848 | GlassFish Console | Weak passwords |
5000 | Sysbase/DB2 Database | Brute force, injection |
5432 | PostgreSQL Database | Brute force, injection, weak passwords |
5632 | PcAnywhere Service | Password capture, code execution |
5900 | VNC | Brute force |
5984 | CouchDB | Unauthorized access |
5985/5986 | WinRM | WinRM's http/https communication |
6379 | Redis Database | Attempt unauthorized access, weak password brute force |
6443 | Kubernetes | Weak passwords |
7001/7002 | WebLogic Console | Deserialization, weak console passwords |
8009 | Tomcat AJP Protocol | Tomcat AJP Protocol vulnerability |
8069 | Zabbix Service | Remote execution, SQL injection |
8080, 8089 | JBoss/Resin/Jetty/Jenkins/Tomcat | Deserialization, weak console passwords |
8161 | ActiveMQ | Weak passwords |
8888 | Jupyter Notebook | Unauthorized access |
9080/9081/9090 | WebSphere Console | Java deserialization, weak passwords |
9200, 9300 | Elasticsearch Service | Remote execution |
10000 | Webmin Control Panel | Weak passwords |
11211 | Memcached Service | Unauthorized access |
27017/27018 | MongoDB Database | Brute force, unauthorized access |
43958 | Serv-U | Serv-U privilege escalation, weak passwords |
50000 | SAP Management Console | Remote execution |
50050 | CS | Weak passwords |
50070/50030 | Hadoop | Weak passwords |
61616 | ActiveMQ | Weak passwords |