Ports and Services

Protect your internal network from these common Internet security risks

2008 Oct 18


Protocol  Port          Service                              Comment
TCP       21            FTP                                  Block incoming unless you run an FTP server; if you do, allow incoming to that server only
TCP       25            SMTP                                 Block incoming or route directly to your mail server
TCP/UDP   53            DNS                                  Block incoming or route to your DNS server
TCP/UDP   67, 68        DHCP                                 Block incoming and outgoing
TCP/UDP   69            TFTP                                 Internal use only. * **
TCP       80            HTTP (WWW)                           Block incoming or route to your web server
TCP/UDP   88            Kerberos                             Domain controller service; block incoming unless deliberately published (e.g. behind a VPN)
TCP       135           RPC/DCE endpoint mapper              Internal use only. * **
UDP       137           NetBIOS Name Service                 Internal use only. * **
UDP       138           NetBIOS Datagram Service             Internal use only. * **
TCP       139           NetBIOS Session Service              Internal use only. * **
TCP/UDP   389           LDAP                                 Domain controller service; block incoming
TCP       443           HTTPS (HTTP over SSL/TLS)            Block incoming unless you run a TLS-enabled web server; if you do, route to it
TCP/UDP   445           Microsoft SMB/CIFS (microsoft-ds)    ADMINISTRATION PORT! BLOCK THIS!
TCP/UDP   464           Kerberos kpasswd (password change)   Domain controller service; block incoming
UDP       500           IKE (IPsec key exchange)             Block this unless you terminate VPNs from outside
TCP       593           HTTP RPC endpoint mapper             Block incoming. **
TCP       636           LDAP over SSL/TLS (LDAPS)            Domain controller service; block incoming
TCP/UDP   1433, 1434    MS SQL Server                        1433 is the database listener; 1434 (UDP) is the SQL Server Browser used to locate instances and was the SQL Slammer worm's target. Internal use only; block incoming
TCP       3268          AD Global Catalog                    ADMINISTRATION PORT! BLOCK THIS!
TCP       3269          AD Global Catalog over SSL/TLS       ADMINISTRATION PORT! BLOCK THIS!
TCP       3389          Windows Terminal Server (RDP)        Internal use only. *
TCP/UDP   17027         AdBots (adware)                      Block outgoing on this port
TCP/UDP   31337         (trojan)                             Commonly used backdoor port, e.g. Back Orifice; block incoming and outgoing
TCP       31789, 31790  (trojan)                             Commonly used RAT ports; block incoming and outgoing
* "Internal use only" services were never designed to be exposed to the Internet and have weak or no protection of their own. Filter them at the border and reach them only over the LAN or a VPN.
** These ports are used by MS Blaster and similar worms. Blaster exploited the RPC/DCOM service reached through the endpoint mapper and fetched its payload over TFTP, which is why both 135/593 and 69 carry this mark.
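The table is only useful if it is turned into rules and checked against what a host actually listens on. The following Python script is an added example, not part of the original page: it transcribes the table into a block policy, renders that policy as an nftables table (input chain for "block incoming", output chain for "block outgoing"), and audits a constructed socket listing in the shape of `ss -ltun` output for listeners bound to a non-loopback address that the policy says should never face the Internet. The Kerberos and LDAP rows (88, 389, 464, 636) are treated as internal-only here, which is an assumption made for this example; the sample listing, the table name `perimeter` and the service labels are likewise constructed.

```python
"""Audit a host's listeners against the port table above and render the
table as nftables drop rules. Added example, not part of the original page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str       # "tcp" or "udp"
    port: int
    service: str
    direction: str   # "in": block inbound, "out": block outbound, "both"


def _rules(protos, ports, service, direction="in"):
    return [Rule(p, port, service, direction) for p in protos for port in ports]


TCP, UDP, BOTH = ("tcp",), ("udp",), ("tcp", "udp")

# The table transcribed as a block policy. Rows that say "block incoming or
# route to your server" are inbound blocks; an operator who publishes such a
# server removes that row. Kerberos/LDAP rows are treated as internal-only
# (assumption made for this example).
POLICY = (
    _rules(TCP, [21], "ftp") + _rules(TCP, [25], "smtp")
    + _rules(BOTH, [53], "dns") + _rules(BOTH, [67, 68], "dhcp", "both")
    + _rules(BOTH, [69], "tftp") + _rules(TCP, [80], "http")
    + _rules(BOTH, [88], "kerberos") + _rules(TCP, [135], "rpc-epmap")
    + _rules(UDP, [137, 138], "netbios") + _rules(TCP, [139], "netbios-ssn")
    + _rules(BOTH, [389], "ldap") + _rules(TCP, [443], "https")
    + _rules(BOTH, [445], "microsoft-ds") + _rules(BOTH, [464], "kpasswd")
    + _rules(UDP, [500], "ike") + _rules(TCP, [593], "http-rpc-epmap")
    + _rules(TCP, [636], "ldaps") + _rules(BOTH, [1433, 1434], "ms-sql")
    + _rules(TCP, [3268, 3269], "ad-gc") + _rules(TCP, [3389], "rdp")
    + _rules(BOTH, [17027], "adbots", "out")
    + _rules(BOTH, [31337], "back-orifice", "both")
    + _rules(TCP, [31789, 31790], "rat", "both")
)


def render_nft(policy=POLICY, table="perimeter"):
    """Render an nftables table: inbound-blocked ports are dropped in the
    input chain, outbound-blocked ports in the output chain, "both" in each."""
    chains = {"input": {"tcp": [], "udp": []}, "output": {"tcp": [], "udp": []}}
    for r in policy:
        if r.direction in ("in", "both"):
            chains["input"][r.proto].append(r.port)
        if r.direction in ("out", "both"):
            chains["output"][r.proto].append(r.port)
    lines = [f"table inet {table} {{"]
    for chain in ("input", "output"):
        lines.append(f"    chain {chain} {{")
        lines.append(f"        type filter hook {chain} priority 0; policy accept;")
        for proto in ("tcp", "udp"):
            ports = sorted(set(chains[chain][proto]))
            if ports:
                lines.append(f"        {proto} dport {{ {', '.join(map(str, ports))} }} counter drop")
        lines.append("    }")
    lines.append("}")
    return "\n".join(lines)


# Constructed sample in the shape of `ss -ltun` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0          127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0                0.0.0.0:1434      0.0.0.0:*
tcp   LISTEN 0      128              0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128              0.0.0.0:445       0.0.0.0:*
tcp   LISTEN 0      128                 [::]:3389         [::]:*
tcp   LISTEN 0      128            127.0.0.1:1433      0.0.0.0:*
"""

_LOOPBACK = ("127.", "[::1]")


def parse_ss(text):
    """Return the set of (proto, port) sockets bound to a non-loopback address.
    Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port; header is skipped."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")   # works for IPv4, [v6] and *
        if host.startswith(_LOOPBACK) or not port.isdigit():
            continue
        found.add((fields[0], int(port)))
    return found


def exposed(listeners, policy=POLICY):
    """Sorted (proto, port, service) for listeners the policy blocks inbound,
    i.e. services reachable if this host sat directly on the Internet."""
    blocked = {(r.proto, r.port): r.service for r in policy if r.direction in ("in", "both")}
    return sorted((p, port, blocked[(p, port)]) for p, port in listeners if (p, port) in blocked)


if __name__ == "__main__":
    print(render_nft())
    for proto, port, svc in exposed(parse_ss(SAMPLE_SS)):
        print(f"EXPOSED {proto}/{port} ({svc})")
```

On the sample listing the audit flags SMB on 445, RDP on 3389 and the SQL Server Browser on UDP 1434, while SSH on 22 (not in the table) and the loopback-bound 1433 listener are left alone. The rendered table keeps `policy accept` because the page's list is a blocklist; on a real border device the stronger baseline is `policy drop` on the input hook with explicit accepts for the handful of published services, which turns this list into a safety net rather than the whole control.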