A port number identifies a specific application or service on a networked device. Every internet connection uses two addresses: an IP address (which device) and a port number (which service on that device). This directory covers the most important port numbers — what they do, their security risk level, and when to close them.
Quick Reference — Most Common Ports
| Port | Service | Protocol | Risk | Status |
|---|---|---|---|---|
| 21 | FTP | File Transfer | 🔴 High | Close unless needed |
| 22 | SSH | Secure Shell | 🟡 Medium | Harden if open |
| 23 | Telnet | Remote Access | 🔴 Critical | Close immediately |
| 25 | SMTP | Email Sending | 🟡 Medium | Mail servers only |
| 53 | DNS | Domain Name System | 🟡 Medium | DNS servers only |
| 80 | HTTP | Web Traffic | 🟢 Low | OK on web servers |
| 110 | POP3 | Email Retrieval | 🔴 High | Use port 995 instead |
| 143 | IMAP | Email Access | 🔴 High | Use port 993 instead |
| 443 | HTTPS | Secure Web | 🟢 Low | Standard for websites |
| 445 | SMB | Windows File Share | 🔴 Critical | Never expose publicly |
| 3306 | MySQL | Database | 🔴 Critical | Never expose publicly |
| 3389 | RDP | Remote Desktop | 🔴 Critical | Use VPN instead |
| 6379 | Redis | Cache Database | 🔴 Critical | Never expose publicly |
Web Ports
These ports handle HTTP and HTTPS web traffic. Almost every public website uses at least port 443.
- Port 80 — HTTP: Unencrypted web traffic. Modern sites redirect this to HTTPS automatically.
- Port 443 — HTTPS: Encrypted web traffic. The standard for all public websites.
- Port 8080 — HTTP-Alt: Alternative HTTP port. Used by development servers and some proxy services.
- Port 8443 — HTTPS-Alt: Alternative HTTPS port. Used by admin panels and control panels like cPanel.
Mail Ports
Email uses separate ports for sending and receiving, and for encrypted vs unencrypted connections.
- Port 25 — SMTP: Server-to-server email delivery. Should only be open on mail servers.
- Port 465 — SMTPS: Encrypted email sending (legacy SSL). Use port 587 for new setups.
- Port 587 — SMTP/TLS: The modern standard for sending email from clients.
- Port 110 — POP3: Unencrypted email retrieval. Replace with port 995.
- Port 143 — IMAP: Unencrypted email access. Replace with port 993.
- Port 993 — IMAPS: Encrypted IMAP. The correct port for email client configuration.
- Port 995 — POP3S: Encrypted POP3. Use this instead of port 110.
Remote Access Ports
These ports allow remote control of computers and servers. They are among the most attacked ports on the internet.
- Port 22 — SSH: Secure remote command-line access. Use key-based authentication only.
- Port 23 — Telnet: Unencrypted remote access. Should never be used on modern systems.
- Port 3389 — RDP: Windows Remote Desktop. Constantly targeted by brute-force attacks. Use a VPN instead of exposing this port.
- Port 5900 — VNC: Cross-platform remote desktop. Never expose to the internet without a VPN.
- Port 1723 — PPTP: Outdated VPN tunnel protocol. Use WireGuard or OpenVPN instead.
Database Ports
Database ports should never be directly exposed to the public internet. Use SSH tunnels or a VPN for remote database access.
- Port 1433 — MSSQL: Microsoft SQL Server. Critical risk if exposed.
- Port 3306 — MySQL: MySQL/MariaDB. The most common database port — must not be internet-facing.
- Port 5432 — PostgreSQL: PostgreSQL database. Bind to localhost only.
- Port 6379 — Redis: Redis cache server. No authentication by default — critical vulnerability if exposed.
- Port 9200 — Elasticsearch: Elasticsearch REST API. Hundreds of databases have been stolen via exposed instances.
- Port 27017 — MongoDB: MongoDB database. No authentication by default on older versions.
- Port 11211 — Memcached: Memcached cache. Used in massive DDoS amplification attacks.
Network & System Ports
- Port 53 — DNS: Domain Name System. Should only be open on intentional public DNS servers.
- Port 445 — SMB: Windows file sharing. Was exploited by WannaCry ransomware. Never expose to the internet.
How to Check Which Ports Are Open on Your IP
Use the ExamineIP Port Scanner to scan your public IP address and see exactly which ports are visible from the internet. The scanner performs real TCP connection tests from an external server — showing what attackers actually see when they scan your IP.
How to Protect Open Ports
If you need remote access to your server or home network, the safest approach is to use a VPN instead of exposing ports directly:
- PureVPN — creates an encrypted tunnel to your network so you can access services without opening any ports to the internet
- IPVanish — unlimited connections, supports router-level VPN so all devices are protected
A VPN also hides your real IP address, making it much harder for attackers to identify and target your device in the first place.
Related Tools & Guides
- Port Scanner — check which ports are open on any IP
- What Is Port Forwarding? — how to safely expose ports
- How to Check Open Ports on Your Network — full guide
- What Is a Firewall? — how firewalls protect your ports
- What Is CGNAT? — why port forwarding sometimes doesn’t work