Popular Ports & Services

Understanding popular ports and their associated services is crucial for network security assessment. This lesson covers the most commonly encountered ports, their services, typical vulnerabilities, and specific NMAP commands for effective reconnaissance.

Security Focus

Learn common vulnerabilities and security considerations for each service.

NMAP Commands

Targeted scanning techniques and NSE scripts for each service.

Real-World Context

Understanding how these services are used in actual network environments.

Port Reference

The reference below covers 18 ports.

Port 21 (TCP), high risk

FTP (File Transfer Protocol)

Used for transferring files between client and server

FTP transmits credentials in cleartext. Consider SFTP or FTPS for secure file transfers.

Common Vulnerabilities

  • Anonymous FTP access
  • Brute force attacks
  • Directory traversal
  • Buffer overflow vulnerabilities
  • Cleartext credential transmission

NMAP Commands

nmap -p 21 -sV target
nmap -p 21 --script ftp-anon target
nmap -p 21 --script ftp-bounce target

Port 22 (TCP), medium risk

SSH (Secure Shell)

Secure remote login and command execution

Use key-based authentication, disable root login, and keep SSH updated.

Common Vulnerabilities

  • Weak authentication (brute force)
  • Default credentials
  • Outdated SSH versions
  • Weak encryption algorithms
  • Key-based authentication bypass

NMAP Commands

nmap -p 22 -sV target
nmap -p 22 --script ssh-auth-methods target
nmap -p 22 --script ssh-hostkey target

Port 23 (TCP), high risk

Telnet

Unencrypted remote terminal access

Telnet should be replaced with SSH in all modern environments.

Common Vulnerabilities

  • Cleartext credential transmission
  • Session hijacking
  • Man-in-the-middle attacks
  • Default credentials
  • Buffer overflow vulnerabilities

NMAP Commands

nmap -p 23 -sV target
nmap -p 23 --script telnet-ntlm-info target
nmap -p 23 --script banner target

Port 25 (TCP), medium risk

SMTP (Simple Mail Transfer Protocol)

Email transmission between servers

Configure proper authentication and disable open relay functionality.

Common Vulnerabilities

  • Open mail relay
  • SMTP injection
  • User enumeration
  • Spam and phishing
  • Authentication bypass

NMAP Commands

nmap -p 25 -sV target
nmap -p 25 --script smtp-enum-users target
nmap -p 25 --script smtp-open-relay target

Port 53 (TCP/UDP), medium risk

DNS (Domain Name System)

Domain name resolution services

Restrict zone transfers and implement DNS security extensions (DNSSEC).

Common Vulnerabilities

  • DNS cache poisoning
  • Zone transfer attacks
  • DNS amplification attacks
  • Subdomain enumeration
  • DNS tunneling

NMAP Commands

nmap -p 53 -sU -sV target
nmap -p 53 --script dns-zone-transfer target
nmap -p 53 --script dns-cache-snoop target

Port 80 (TCP), medium risk

HTTP (Hypertext Transfer Protocol)

Unencrypted web traffic

Use HTTPS (port 443) for sensitive data transmission.

Common Vulnerabilities

  • Cross-site scripting (XSS)
  • SQL injection
  • Directory traversal
  • Authentication bypass
  • Session hijacking

NMAP Commands

nmap -p 80 -sV target
nmap -p 80 --script http-title target
nmap -p 80 --script http-enum target

Port 110 (TCP), high risk

POP3 (Post Office Protocol v3)

Email retrieval from server to client

Use POP3S (port 995) or IMAP with SSL/TLS encryption.

Common Vulnerabilities

  • Cleartext credential transmission
  • Brute force attacks
  • Email enumeration
  • Session hijacking
  • Buffer overflow vulnerabilities

NMAP Commands

nmap -p 110 -sV target
nmap -p 110 --script pop3-capabilities target
nmap -p 110 --script pop3-brute target

Port 135 (TCP), high risk

RPC Endpoint Mapper

Microsoft RPC endpoint resolution

Block this port at the firewall unless required for legitimate RPC services.

Common Vulnerabilities

  • Remote code execution
  • Information disclosure
  • Service enumeration
  • Buffer overflow attacks
  • Privilege escalation

NMAP Commands

nmap -p 135 -sV target
nmap -p 135 --script rpc-grind target
nmap -p 135 --script msrpc-enum target

Port 139 (TCP), high risk

NetBIOS Session Service

Windows file and printer sharing

Disable NetBIOS or use SMB3 with encryption for modern networks.

Common Vulnerabilities

  • Null session attacks
  • Share enumeration
  • User enumeration
  • Password attacks
  • Information disclosure

NMAP Commands

nmap -p 139 -sV target
nmap -p 139 --script smb-enum-shares target
nmap -p 139 --script smb-os-discovery target

Port 143 (TCP), medium risk

IMAP (Internet Message Access Protocol)

Email access and synchronization

Use IMAPS (port 993) with SSL/TLS encryption for secure email access.

Common Vulnerabilities

  • Cleartext credential transmission
  • Brute force attacks
  • Email enumeration
  • Buffer overflow vulnerabilities
  • Command injection

NMAP Commands

nmap -p 143 -sV target
nmap -p 143 --script imap-capabilities target
nmap -p 143 --script imap-brute target

Port 443 (TCP), low risk

HTTPS (HTTP Secure)

Encrypted web traffic using SSL/TLS

Use strong cipher suites, valid certificates, and latest TLS versions.

Common Vulnerabilities

  • SSL/TLS vulnerabilities
  • Weak cipher suites
  • Certificate validation issues
  • Mixed content vulnerabilities
  • Protocol downgrade attacks

NMAP Commands

nmap -p 443 -sV target
nmap -p 443 --script ssl-enum-ciphers target
nmap -p 443 --script ssl-cert target

Port 445 (TCP), high risk

SMB (Server Message Block)

Modern Windows file sharing protocol

Keep Windows updated and use SMB3 with encryption enabled.

Common Vulnerabilities

  • EternalBlue exploit (MS17-010)
  • SMB relay attacks
  • Share enumeration
  • Credential harvesting
  • Remote code execution

NMAP Commands

nmap -p 445 -sV target
nmap -p 445 --script smb-vuln-ms17-010 target
nmap -p 445 --script smb-enum-shares target

Port 993 (TCP), low risk

IMAPS (IMAP over SSL/TLS)

Secure email access with encryption

Ensure strong SSL/TLS configuration and certificate validation.

Common Vulnerabilities

  • SSL/TLS vulnerabilities
  • Weak cipher suites
  • Certificate validation issues
  • Authentication bypass
  • Brute force attacks

NMAP Commands

nmap -p 993 -sV target
nmap -p 993 --script ssl-enum-ciphers target
nmap -p 993 --script imap-capabilities target

Port 995 (TCP), low risk

POP3S (POP3 over SSL/TLS)

Secure email retrieval with encryption

Use strong SSL/TLS settings and consider migrating to IMAP.

Common Vulnerabilities

  • SSL/TLS vulnerabilities
  • Weak cipher suites
  • Certificate validation issues
  • Authentication bypass
  • Protocol downgrade attacks

NMAP Commands

nmap -p 995 -sV target
nmap -p 995 --script ssl-enum-ciphers target
nmap -p 995 --script pop3-capabilities target

Port 1433 (TCP), high risk

Microsoft SQL Server

Microsoft SQL Server database service

Use strong authentication, disable the sa account, and implement network segmentation.

Common Vulnerabilities

  • SQL injection
  • Weak authentication
  • Default credentials (sa account)
  • Information disclosure
  • Privilege escalation

NMAP Commands

nmap -p 1433 -sV target
nmap -p 1433 --script ms-sql-info target
nmap -p 1433 --script ms-sql-empty-password target

Port 3306 (TCP), high risk

MySQL Database

MySQL database server

Use strong passwords, disable remote root access, and implement proper access controls.

Common Vulnerabilities

  • Weak authentication
  • Default credentials
  • SQL injection
  • Information disclosure
  • Remote code execution

NMAP Commands

nmap -p 3306 -sV target
nmap -p 3306 --script mysql-info target
nmap -p 3306 --script mysql-empty-password target

Port 3389 (TCP), high risk

RDP (Remote Desktop Protocol)

Windows remote desktop access

Use Network Level Authentication, strong passwords, and VPN access.

Common Vulnerabilities

  • BlueKeep vulnerability (CVE-2019-0708)
  • Brute force attacks
  • Weak authentication
  • Man-in-the-middle attacks
  • Session hijacking

NMAP Commands

nmap -p 3389 -sV target
nmap -p 3389 --script rdp-enum-encryption target
nmap -p 3389 --script rdp-vuln-ms12-020 target

Port 5432 (TCP), medium risk

PostgreSQL Database

PostgreSQL database server

Configure proper authentication, use SSL connections, and limit network access.

Common Vulnerabilities

  • Weak authentication
  • SQL injection
  • Information disclosure
  • Privilege escalation
  • Configuration issues

NMAP Commands

nmap -p 5432 -sV target
nmap -p 5432 --script pgsql-brute target
nmap -p 5432 --script banner target
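The reference above is most useful when it is applied to a scan result rather than read on its own. The following script is an added example, not part of the lesson: it parses nmap's XML output (what `nmap -oX` writes), keeps only ports nmap reports as open, and attaches the risk level and hardening note from the table above so that a defender can prioritize what to fix. The risk table is transcribed from this page; the sample XML is constructed by hand to mimic nmap's format and does not come from a real scan.

```python
"""Map open ports from nmap XML output onto the lesson's risk levels and hardening notes.
Added example, not part of the original lesson; SAMPLE_XML is hand-constructed."""
import xml.etree.ElementTree as ET

# (port, protocol) -> (service, risk, hardening note), transcribed from the port reference above.
PORT_REFERENCE = {
    (21, "tcp"): ("FTP", "high", "cleartext credentials; use SFTP or FTPS"),
    (22, "tcp"): ("SSH", "medium", "key-based auth, disable root login, keep updated"),
    (23, "tcp"): ("Telnet", "high", "replace with SSH"),
    (25, "tcp"): ("SMTP", "medium", "require authentication, disable open relay"),
    (53, "tcp"): ("DNS", "medium", "restrict zone transfers, deploy DNSSEC"),
    (53, "udp"): ("DNS", "medium", "restrict zone transfers, deploy DNSSEC"),
    (80, "tcp"): ("HTTP", "medium", "use HTTPS for sensitive data"),
    (110, "tcp"): ("POP3", "high", "use POP3S (995) or IMAP over TLS"),
    (135, "tcp"): ("RPC Endpoint Mapper", "high", "block at the firewall unless required"),
    (139, "tcp"): ("NetBIOS Session Service", "high", "disable NetBIOS or use SMB3 with encryption"),
    (143, "tcp"): ("IMAP", "medium", "use IMAPS (993)"),
    (443, "tcp"): ("HTTPS", "low", "strong cipher suites, valid certificates, current TLS"),
    (445, "tcp"): ("SMB", "high", "patch, enable SMB3 encryption"),
    (993, "tcp"): ("IMAPS", "low", "strong TLS configuration"),
    (995, "tcp"): ("POP3S", "low", "strong TLS configuration; consider IMAP"),
    (1433, "tcp"): ("Microsoft SQL Server", "high", "strong auth, disable sa, segment network"),
    (3306, "tcp"): ("MySQL", "high", "strong passwords, disable remote root"),
    (3389, "tcp"): ("RDP", "high", "Network Level Authentication, strong passwords, VPN"),
    (5432, "tcp"): ("PostgreSQL", "medium", "proper auth, SSL connections, limit network access"),
}

RISK_ORDER = {"high": 0, "medium": 1, "low": 2, "unknown": 3}


def parse_open_ports(xml_text):
    """Return (host, port, protocol, product) for every port nmap reported as open."""
    root = ET.fromstring(xml_text)
    open_ports = []
    for host in root.iter("host"):
        address = host.find("address")
        addr = address.get("addr") if address is not None else "unknown-host"
        for port in host.iter("port"):
            state = port.find("state")
            # nmap also lists closed and filtered ports; only open ones need triage
            if state is None or state.get("state") != "open":
                continue
            service = port.find("service")
            product = ""
            if service is not None:
                product = " ".join(v for v in (service.get("product"), service.get("version")) if v)
            open_ports.append((addr, int(port.get("portid")), port.get("protocol"), product))
    return open_ports


def triage(xml_text):
    """Attach the lesson's risk level and note to each open port; highest risk first."""
    findings = []
    for addr, portid, proto, product in parse_open_ports(xml_text):
        service, risk, note = PORT_REFERENCE.get(
            (portid, proto), ("not in reference", "unknown", "review manually"))
        findings.append({"host": addr, "port": portid, "proto": proto, "service": service,
                         "product": product, "risk": risk, "note": note})
    findings.sort(key=lambda f: (RISK_ORDER[f["risk"]], f["host"], f["port"]))
    return findings


def risk_counts(findings):
    """Count findings per risk level, e.g. {'high': 2, 'medium': 1}."""
    counts = {}
    for f in findings:
        counts[f["risk"]] = counts.get(f["risk"], 0) + 1
    return counts


# Constructed sample in the shape of nmap -oX output (not a real scan; 192.0.2.10 is a documentation address).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    results = triage(SAMPLE_XML)
    for f in results:
        print(f"{f['host']}:{f['port']}/{f['proto']} {f['service']:<24} {f['risk']:<8} {f['note']}")
    print(risk_counts(results))
```

To use it on a real scan, run one of the commands from this lesson with `-oX scan.xml` added and pass the file contents to `triage()`. Ports that are open but absent from the reference (8080 in the sample) are reported as "unknown" rather than silently dropped, so nothing listening goes unreviewed.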

Quick Scanning Tips

Multi-Port Scanning

nmap -p 21,22,23,25,53,80,110,443 target

Scan common ports quickly

nmap --top-ports 1000 target

Scan top 1000 most common ports

Service Detection

nmap -sV -sC target

Version detection with default scripts

nmap -A target

Aggressive scan (OS, version, scripts, traceroute)