All Collections
The UpGuard Platform
Security ratings
What services does UpGuard identify with port scanning?
What services does UpGuard identify with port scanning?

UpGuard scans for ports to identify open ports and services running on those ports.

Caitlin Postal avatar
Written by Caitlin Postal
Updated over a week ago

UpGuard identifies and monitors many services that can be exposed by open ports. We scan for open ports and, if an open port is found, attempt to identify the service that is running on that port. If we are unable to identify a service, a risk is reported as an exposed unknown service.

While open ports aren't necessarily dangerous, they can expose vulnerable services that are misconfigured, unpatched, vulnerable to exploits, or feature poor network security.

Navigate to the relevant alphabetical heading to learn if a specific service is among the services that UpGuard identifies with port scanning. You can also search for a specific phrase with CTRL+F.

Note: This list is not exhaustive. If you have questions about a service not included in this list, please contact the Customer Success team.

A - D

  • AMQP: Advanced Message Queue Protocol provides access to a queue of data.

  • AndroMouse: Android mouse and keyboard interface.

  • Apache CouchDB: an open-source NoSQL database.

  • Apache Kafka: a real-time data streaming platform.

  • Apple Airport: AirPort Wifi support service.

  • Apple RemoteDesktop: remote management for Apple products.

  • Apple RemoteDesktop VNC: remote management for Apple products using the VNC protocol.

  • Ares RAT C&C: a remote access tool with Command & Control functionality.

  • Azure WebApps: a Microsoft cloud computing platform.

  • BACnet: a communications protocol for Building Automation and Control (BAC) networks.

  • Beanstalk Daemon: a worker queue for AWS.

  • BGP: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information.

  • Bitcoin Daemon: runs on a Bitcoin node.

  • Blackshades C&C: a malicious remote access trojan (RAT).

  • Bozok RAT C&C: a malicious remote access trojan (RAT).

  • CassandraDB: a free and open-source, distributed, wide column store, NoSQL database management system from Apache.

  • CheckPoint Firewall: retrieves hostnames for the CheckPoint firewall and management station.

  • Cisco Install: an access point for the Cisco Smart Install feature.

  • Citrix ICA: a proprietary protocol for an application server system from Citrix

  • ClamAV: an open-source antivirus engine for detecting trojans, viruses, malware, and other malicious threats.

  • CoAP: Constrained Application Protocol (CoAP) is a service layer protocol allowing nodes on a constrained network to be accessed over the internet.

  • Coffee Status: a smart coffee machine.

  • Coffee Machine: a coffee machine or kettle.

  • ConsulDiscovery: Consul is a service discovery solution.

  • Crestron SSN: Crestron is a control system for building management.

  • DarkComet Trojan: a malicious remote access trojan (RAT).

  • DarkTrack RAT: another malicious RAT.

  • DB2: IBM Db2 database server.

  • DHCP: the Dynamic Host Configuration Protocol (DHCP) server interface.

  • DHT Peer List: allows peer discovery using a distributed hash table.

  • DiCOM: an interface for handling, storing, and receiving medical imaging data.

  • Dictionary: a server using the DICT protocol.

  • Digi Realport: an internet-of-things (IoT) wifi interface service.

  • DMARC: an email authentication protocol for Domain-based Message, Authentication, and Conformance.

  • DNP3: a set of communications protocols used between components in process automation systems.

  • DNS: Domain Name System that provides communication routing for the internet.

  • Door Controller: a networked access controller for door access from VertX/Edge.

  • Dovecot Pigeonhole: support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP server.

  • DVR SerialNo: interface for a Dahua DVR device.

E - J

  • Echo: a service in the Internet Protocol Suite that can be used for Denial-of-Service (DoS) attacks.

  • ElasticSearch: a search engine based on the Lucene library that provides a distributed, multitenant-capable, full-text search engine with an HTTP web interface and schema-free JSON documents.

  • Erlang: a concurrent programming language and a garbage-collected runtime system.

  • ETCD: a distributed key-value store for the most critical data of a distributed system.

  • Ethereum: a cryptocurrency and a decentralized computing platform.

  • Ethernet/IP: an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet.

  • Flux LED State: control interface for a Flux LED lightbulb.

  • FTP: The File Transfer Protocol (FTP) is a standard network protocol used for data transfer.

  • FTP (Anonymous): Anonymous FTP allows remote uses to use an FTP server without user credentials.

  • Ganglia XML Grid monitor: a scalable, distributed monitoring tool for high-performance computing systems, clusters, and networks.

  • Gardasoft Controller: a high-intensity LED lighting controller.

  • Gearman queue: an open-source application framework designed to distribute appropriate computer tasks to multiple computers.

  • GE SRTP Status: GESRTP DAServer provides access to data within the GE Fanuc family of PLCs.

  • Gh0st RAT: a malicious remote access trojan (RAT).

  • git: a distributed version control system.

  • GRPS Tunnel: a group of IP-based communications protocols that carry general packet radio service (GPRS) within GSM, UMTS, and LTE networks.

  • HARTIP: allows HART automation device data to be accessed over IP networks.

  • HBaseDB: random, realtime read/write access to your big data from Apache.

  • HDD Temp: hard drive statistics information.

  • HiFly Lighting Control: the control interface of a HiFly LED lighting system.

  • HTTP: standard internet HTTP protocol.

  • HTTPS: standard, encrypted internet HTTPS protocol.

  • HSTS: a strict policy to enforce HTTPS.

  • IBM/Toshiba 4690 POS: a service for remote management of the IBM / Toshiba 4690.

  • IDENTD: an internet protocol that helps identify the user of a particular TCP connection.

  • iDevice Property List: retrieves property data from an iDevice.

  • IEC-104: a standard for telecontrol equipment and systems with coded bit serial data transmission in TCP/IP.

  • IEC-61850: an object-oriented control system protocol.

  • IKE VPN: a VPN implementation based on IKE (Internet Key Exchange).

  • IMAP: Internet Message Access Protocol (IMAP) mail service.

  • IOTA: a quantum-resistant distributed ledger protocol and digital currency.

  • IPMI: defines a set of interfaces for out-of-band management of computer systems and operations monitoring.

  • ISCSI: allows SCSI commands to be sent over TCP/IP.

  • Java RMI: Java's Remote Method Invocation interface.

K - O

  • Kerberos: a ticket-based node identity protocol for mutual authentication.

  • KilerRAT C&C: a malicious remote access trojan (RAT).

  • KNX: a manufacturer-independent protocol for networking home and building system technologies.

  • Lantronix Setup: an IoT management tool that uses serial tunneling to enables comms.

  • LDAP: a TCP/IP based directory service.

  • LDAP SSL: a TCP/IP based directory service.

  • LibreOffice Impress: allows remote control for an Impress slideshow from a mobile device.

  • Lotus Notes: various ports for Lotus Notes servers.

  • Matrikon OPC: a mechanism for reading industrial device configuration data over TCP/IP.

  • MDNS: multicast DNS service.

  • memcached: a distributed memory object caching system.

  • Meta/Facebook Pixel: a user tracking technology for Meta products.

  • Microsoft Windows RPC: Microsoft RPC (Microsoft Remote Procedure Call) is a modified version of Distributed Computing Environment / Remote Procedure Calls.

  • Minecraft: running a Minecraft server.

  • Mitsubishi EQ PLC: a programmable logic controller used for industrial automation.

  • Modbus: a serial communications protocol for use with its programmable logic controllers (PLCs).

  • Monero: is a decentralized cryptocurrency operated by a network of users.

  • MongoDB: a document-oriented NoSQL database.

  • Moxa Nport: a serial device server providing a TCP/IP interface to one or more serial devices.

  • MQTT Broker: a server that receives MQTT messages from clients and then routes the messages to appropriate destinations.

  • MSA Outlook: Microsoft Outlook email service.

  • Munin Node: an open-source computer system monitoring, network monitoring, and infrastructure monitoring software application.

  • Mumble: a voice-over-IP application.

  • MySQL: an open-source relational database.

  • NanoCore RAT: a malicious remote access trojan (RAT).

  • NAT-PMP: a network protocol for establishing network address translation (NAT) settings and port forwarding configurations.

  • NetBIOS: provides services allowing applications on separate computers to communicate over a local area network (LAN).

  • NetMobility: an LTE network monitoring product.

  • Network News: NNTP is the protocol used to connect to Usenet servers and transfer newsgroup articles between systems over the Internet.

  • NFS: Network File System (NFS) is a distributed file system protocol.

  • njRAT C&C: a malicious trojan also known as Bladabindi.

  • NTP: Network Time Protocol (NTP) is a networking protocol for clock synchronization.

  • Nuclear RAT: a malicious remote access trojan (RAT).

  • Omron PLC: a programmable logic controller.

  • ONVIF Camera: a camera interface.

  • OPC UA: OPC Unified Architecture is a machine-to-machine communication protocol for industrial automation.

  • OpenVPN: an open-source commercial VPN software.

  • Oracle TNS Listener: Transport Network Substrate (TNS) is a protocol for connecting to Oracle databases.

  • Oracle WebLogic T3: a protocol used to transport information between WebLogic servers and other types of Java programs.

P - T

  • PCAnywhere Status: a remote control software from Symantec.

  • PC WORX: software for programming Phoenix Contact electronics devices.

  • PLC5: a programmable logic controller from Rockwell Automation.

  • PLC ProConOs: a protocol for programmable logic controllers.

  • Poison Ivy RAT: a malicious remote access trojan (RAT).

  • POP3: a client/server protocol for email.

  • portmapper: returns a list of running processes and their ports on a node.

  • PostgreSQL: an open-source relational database.

  • Poppassd: a program that changes system passwords and enables users to change their mail passwords.

  • PPTP: Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks.

  • Printer: a networked printer.

  • Printer Status: a networked printer.

  • QRAT C&C: a botnet command and control server.

  • Quasar RAT C&C: a malicious remote access trojan (RAT).

  • QUIC HTTP: a proposed replacement for TCP to improve the speed of HTTP traffic.

  • Redis: a key-value database.

  • Red Lion HMI: devices running CrimsonV3; Red Lion's HMI operator panels enable customers to control processes across a range of industries.

  • RemCos Pro RAT: a remote access and keylogger tool.

  • Remote Desktop: Microsoft's remote desktop protocol.

  • Riak: a key-value database.

  • RIP: the Routing Information Protocol.

  • rpcbind: lists active RPC services on a machine.

  • RSYNCD: a utility for synchronizing local and remote directories.

  • RTSP: the Real-Time Streaming Protocol (RTSP) to control multimedia streaming, such as from IP cameras or DVRs.

  • RTXP Ripple: a cryptocurrency.

  • S7: a proprietary protocol developed by Siemens for communicating with their Programmable Logic Controllers (PLCs).

  • Samba: an open-source implementation of the SMB protocol and Microsoft Active Directory for Unix systems and Linux distributions.

  • SAP Router: used to establish a remote connection between SAP and a customer's network.

  • SCPI: Standard Commands for Programmable Instruments (SCPI) is a protocol primarily used for communicating with lab equipment.

  • SIP: Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications.

  • Smart Meter: Kamstrup Smart Meter for metering energy and water.

  • SMB: Server Message Block (SMB) is a protocol for shared access to files, printers, and serial ports between nodes on a network.

  • SMTP: Simple Mail Transfer Protocol (SMTP) is a protocol used for sending email.

  • SNMP: Simple Network Management Protocol (SNMP) is a protocol for collecting information from and configuring various types of networked devices.

  • SPF

  • SQL Server Monitor: Microsoft SQL Server is a relational database.

  • SQL Server: Microsoft SQL Server is a relational database.

  • SSL/TLS: the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for encrypted traffic.

  • SSH: Secure Shell (SSH) is a protocol for securely operating network devices.

  • StatsD: a daemon for collecting statistics.

  • Steam: a dedicated server for online gaming.

  • Subversion: a software versioning and distributed revision control system from Apache.

  • TACACS+ AAA: checks if a device supports TACACS+ AAA.

  • Tank Gauge

  • TC-B: TC-B services.

  • TeamViewer: a service for remote support and remote access.

  • Telnet: an application protocol used on the internet or local area network (LAN) to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

  • Tibia: a service for the Tibia online video game.

  • TikTok Pixel: a user tracking technology for TikTok.

  • TOR Control: Tor Control service.

  • TOR OR: Tor Onion router.

  • Torrent Tracker: BitTorrent tracker service.

  • Tridium Fox: Fox protocol by Tridium.

  • TUYA API: API service for Tuya IoT platform.

U - Z

  • Ubiquiti: a service for retrieving information about a Ubiquiti-powered access point.

  • Udpxy: an IPTV stream relay service.

  • Unitronics PLC PCOM: a service for collecting device information for Unitronics PLCs via PCOM protocol.

  • Unknown: an exposed unknown service.

  • Unidentified: an unidentifiable open port.

  • UPnP: a Universal Plug and Play (UPnP) service.

  • Ventrilo: a service for retrieving detailed status information from a Ventrilo server.

  • VMWare Authentication Daemon

  • VNC: Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol to control another computer remotely.

  • VoldemortDB: a distributed data store designed as a key-value system that is used by LinkedIn for highly-scalable storage.

  • VxWorks WDB agent: WDB agent (used for debugging) on a VxWorks device.

  • Web cache: a web cache (or HTTP cache) for the temporary storage (caching) of web documents, such as webpages, images, and other types of multimedia, to reduce server lag.

  • Wemo Link: a service for IoT Wemo LEO lighting.

  • WHOIS: the WHOIS service conducts query and response for internet resources.

  • WordPress XML-RPC API: an API tool for WordPress that may create additional surface for distributed denial-of-service (DDoS) attacks.

  • X11: an SSH forwarding protocol; we identify if the service is running and can grab the header without auth.

  • XMPP Daemon: Extensible Messaging and Presence Protocol service.

  • Yahoo Smart TV: a smart television service.

  • Zero Access Trojan: a Trojan horse malware.

  • Zookeeper Node: a port is open and a service is listening but we cannot identify it.

  • z/OS NJE: a Network Job Entry (NJE) network is composed of nodes that can transmit or receive a unit of work.

Related Articles
How does UpGuard collect data for its security ratings?
Did this answer your question?