UpGuard scans for open ports and, if an open port is found, we attempt to identify the service that is running on that port. While open ports aren't necessarily dangerous, they can expose services that are misconfigured, unpatched, vulnerable to exploits, or have poor network security.
UpGuard identifies and monitors for over 150 known services that can be exposed by open ports. If we are unable to identify a service, a risk is still raised and reported as an exposed unknown service.
The services UpGuard identifies via port scanning are:
AMQP: Advanced Message Queuing Protocol - provides access to a queue of data
AndroMouse: Android mouse and keyboard interface
Apache CouchDB: An open-source NoSQL database
Apache Kafka: A real-time data streaming platform
Apple Airport: AirPort Wifi support/service
Apple Remote Desktop: Remote Desktop for Apple products
BACnet: BACnet is a communications protocol for Building Automation and Control (BAC) networks
Beanstalk Daemon: Beanstalk is a simple, fast work queue
BGP: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information
Bitcoin Daemon: Runs on a Bitcoin node
Blackshades C&C: Blackshades is the name of a malicious RAT (remote access trojan)
Cassandra DB: Apache Cassandra is a free and open-source, distributed, wide column store, NoSQL database management system
CheckPoint Firewall: Get hostnames for the CheckPoint firewall and management station
Cisco Install: An access point for Cisco Smart Install feature
Citrix ICA: Citrix ICA is a proprietary protocol for an application server system
ClamAV: An open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats
CoAP: CoAP is a service layer protocol allowing nodes on a constrained network to be accessed over the internet
Coffee Status: This is a smart coffee machine
Coffee Machine: This is a coffee machine or kettle
ConsulDiscovery: Consul is a service discovery solution
Crestron SSN: Crestron is a control system for building management
DarkTrack RAT: Another malicious RAT (remote access trojan)
DB2: IBM DB2 database server
DHCP: DHCP server interface
DHT Peer List: Allows peer discovery using a distributed hash table
DICOM: DICOM provides an interface for handling, storing, and receiving medical imaging data
Dictionary: Dictionary server using the DICT protocol
Digi Realport: Digi Realport (IoT wifi interfacing device) interface service
DNP3: DNP3 is a set of communications protocols used between components in process automation systems
DNS: Domain Name System - nuts and bolts of the internet
Door Controller: VertX/Edge door controller
Dovecot Pigeonhole: Pigeonhole adds support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP Server
DVR SerialNo: Interface directly to a Dahua DVR device
Echo: A service in the Internet Protocol Suite that can be used for DoS attacks
ElasticSearch: Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents
Erlang: A general-purpose, concurrent, functional programming language, and a garbage-collected runtime system
ETCD: A distributed, reliable key-value store for the most critical data of a distributed system
Ethereum: Ethereum is both a cryptocurrency and a decentralized computing platform.
Ethernet/IP: Ethernet/IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet
Flux LED State: Control interface of a Flux LED light bulb.
FTP: The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files
FTP (Anonymous): The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files
Ganglia XML Grid monitor: Ganglia is a scalable, distributed monitoring tool for high-performance computing systems, clusters, and networks
Gardasoft Controller: High intensity LED lighting controller
Gearman queue: An open-source application framework designed to distribute appropriate computer tasks to multiple computers
GE SRTP Status: The GESRTP DAServer provides access to data within the GE Fanuc family of PLCs.
Gh0st RAT: Another malicious RAT (remote access trojan)
Git: Git is a distributed version control system
GPRS Tunnel: A group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, and LTE networks
HARTIP: Allows HART automation device data to be accessed over IP networks
HBaseDB: Apache HBase™ provides random, realtime read/write access to your Big Data
HDD Temp: Hard Drive statistics information
HiFly Lighting Control: Control interface of a HiFly LED lighting system
HTTP: Standard internet HTTP protocol
HTTPS: Standard, encrypted internet HTTP protocol
z/OS NJE: An NJE network is comprised of nodes that can transmit or receive a unit of work
IDENTD: An Internet protocol that helps identify the user of a particular TCP connection
iDevice Property List: Get property data from an iDevice
IEC-104: IEC-104 is a standard for telecontrol equipment and systems with coded bit serial data transmission in TCP/IP
IEC-61850: IEC-61850 is an object-oriented control-system protocol as compared to older protocols which are signal-oriented
IKE VPN: VPN implementation based on IKE (Internet Key Exchange)
IMAP: IMAP mail service
IOTA: IOTA is a quantum-resistant distributed ledger protocol and digital currency.
IPMI: IPMI defines a set of interfaces for out-of-band management of computer systems and monitoring of their operation
ISCSI: Allows SCSI commands to be sent over TCP/IP
Java RMI: Java's Remote Method Invocation interface
Kerberos: A ticket-based node identity protocol for mutual authentication
KilerRAT C&C: Another malicious RAT (remote access trojan)
KNX: KNX is a manufacturer-independent protocol for networking home and building system technologies
Lantronix Setup: Enables communication between a computer and a serial device, or from one serial device to another, over Ethernet or the Internet using "serial tunneling"
LDAP: TCP/IP based directory service
LDAP SSL: TCP/IP based directory service
LibreOffice Impress: Allows remote control of an Impress slideshow via a mobile device
Lotus Notes: Various ports for Lotus Notes servers
Matrikon OPC: OPC provides a mechanism for reading industrial device configuration data over TCP/IP
MDNS: Multicast DNS service
memcached: A distributed memory object caching system
Microsoft Windows RPC: Microsoft RPC (Microsoft Remote Procedure Call) is a modified version of Distributed Computing Environment / Remote Procedure Calls
Minecraft: Running a Minecraft server
Mitsubishi EQ PLC: Programmable logic controller used for industrial automation
Modbus: Modbus is a serial communications protocol for use with programmable logic controllers (PLCs)
Monero: Monero is a decentralized cryptocurrency, meaning it is secure digital cash operated by a network of users
MongoDB: MongoDB is a document-oriented NoSQL database
Moxa Nport: The Nport is a serial device server, providing a TCP/IP interface to one or more serial devices
MQTT Broker: An MQTT broker is a server that receives MQTT messages from clients and then routes the messages to appropriate destinations
MSA Outlook: Microsoft Outlook email service
Munin Node: Munin is an open-source computer system monitoring, network monitoring, and infrastructure monitoring software application
Mumble: Mumble is a voice over IP application primarily designed for use by gamers
MySQL: MySQL is an open-source relational database
NanoCore RAT: NanoCore is a trojan
NAT-PMP: NAT-PMP is a network protocol for establishing network address translation (NAT) settings and port forwarding configurations
NetBIOS: NetBIOS provides services allowing applications on separate computers to communicate over a local area network
NetMobility: NetMobility is an LTE network monitoring product
Network News: NNTP is the protocol used to connect to Usenet servers and transfer newsgroup articles between systems over the Internet
NFS: Network File System (NFS) is a distributed file system protocol
njRAT C&C: njRAT, also known as Bladabindi, is a trojan
NTP: Network Time Protocol (NTP) is a networking protocol for clock synchronization
Nuclear RAT: Nuclear RAT is a trojan
Omron PLC: Omron PLC is a programmable logic controller
Onvif Camera: ONVIF is a camera interface
OPC UA: OPC Unified Architecture is a machine to machine communication protocol for industrial automation
OpenVPN: OpenVPN is open-source commercial VPN software
Oracle TNS Listener: TNS is a protocol for connecting to Oracle databases
pcAnywhere Status: pcAnywhere is remote control software from Symantec
PC WORX: PC WORX is software for programming Phoenix Contact electronics devices
PLC5: PLC-5 is a programmable logic controller from Rockwell Automation
PLC ProConOs: ProCon OS is a protocol for programmable logic controllers
Poison Ivy RAT: Poison Ivy is a trojan
POP3: POP3 is a client/server protocol for email
portmapper: Portmap returns a list of running processes and their ports on a node
PostgreSQL: PostgreSQL is an open-source relational database
Poppassd: Poppassd is a program that changes system passwords thus allowing users to change their mail passwords
PPTP: The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks
Printer: This is a networked printer
Printer Status: This is a networked printer
QRAT C&C: QRAT is a botnet command & control server
QUIC HTTP: QUIC is a proposed replacement for TCP to improve the speed of HTTP traffic
Redis: Redis is a key-value database
Red Lion HMI: Red Lion HMI devices running CrimsonV3. Red Lion's HMI operator panels enable customers to control processes across a range of industries
RemCos Pro RAT: RemCos Pro is a remote access/keylogger tool
Remote Desktop: RDP is Microsoft's remote desktop protocol
Riak: Riak is a key-value database
RIP: RIP is the Routing Information Protocol
rpcbind: rpcbind can list active RPC services on a machine
RSYNCD: Rsync is a utility for synchronizing local and remote directories
RTSP: The Real-Time Streaming Protocol (RTSP) is used to control multimedia streaming, such as from IP cameras or DVRs
RTXP Ripple: Ripple is a cryptocurrency
S7: S7 is a proprietary protocol developed by Siemens for communicating with their Programmable Logic Controllers
SAProuter: SAProuter is used to establish a remote connection between SAP and a customer's network
SCPI: Standard Commands for Programmable Instruments (SCPI) is a protocol primarily used for communicating with lab equipment
SIP: Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications
Smart Meter: Kamstrup Smart Meter for metering energy and water
Samba: Samba is an open-source implementation of the SMB protocol and Microsoft Active Directory for Unix systems and Linux distributions.
SMB: Server Message Block (SMB) is a protocol for shared access to files, printers, and serial ports between nodes on a network
SMTP: Simple Mail Transfer Protocol (SMTP) is a protocol used for sending email
SNMP: Simple Network Management Protocol (SNMP) is a protocol for collecting information from and configuring various types of networked devices
SQLServer Monitor: Microsoft SQL Server is a relational database
SQL Server: Microsoft SQL Server is a relational database
SSH: Secure Shell (SSH) is a protocol for securely operating network devices
StatsD: StatsD is a daemon for collecting statistics
Steam: Steam-based dedicated server for online gaming
Subversion: Apache Subversion is a software versioning and revision control system distributed
TACACS+ AAA: Check whether the device supports TACACS+ AAA
Tank Gauge
TC-B: TC-B service
TeamViewer: TeamViewer service
Telnet: Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection
Tibia: Tibia (video game) service
TOR Control: Tor Control Service
TOR OR: Tor Onion Router
Torrent Tracker: BitTorrent tracker service
IBM/Toshiba 4690 POS: Service for remote management of the IBM / Toshiba 4690
Tridium FOX: FOX protocol by Tridium
TUYA API: Tuya API service
Ubiquiti: Service for retrieving information about a Ubiquiti-powered access point
Udpxy: UDPXY service (IPTV stream relay)
Unitronics PLC PCOM: Service for collecting device information for Unitronics PLCs via PCOM protocol
Unknown: Service for collecting device information for Unitronics PLCs via PCOM protocol
UPnP: UPnP Service
Ventrilo: Service for retrieving detailed status information from a Ventrilo server
VNC: Virtual Network Computing is a graphical desktop sharing system that uses the Remote Frame Buffer protocol to remotely control another computer
VoldemortDB: Voldemort is a distributed data store that was designed as a key-value store used by LinkedIn for highly-scalable storage
VxWorks WDB agent: WDB agent (used for debugging) on a VxWorks device
Web cache: A Web cache (or HTTP cache) is an information technology for the temporary storage (caching) of Web documents, such as Web pages, images, and other types of Web multimedia, to reduce server lag
Oracle WebLogic T3: T3 is the protocol used to transport information between WebLogic servers and other types of Java programs
Wemo Link: Wemo Link service
WHOIS: WHOIS service
X11: X11 service running, and with the ability to grab the resulting banner with no auth
XMPP Daemon: Extensible Messaging and Presence Protocol service
Yahoo Smart TV: A port is open and a service is listening but we cannot identify it
Zookeeper Node: A port is open and a service is listening but we cannot identify it
Apple RemoteDesktop VNC: Remote Desktop for Apple products
Ares RAT C&C: Ares is a remote access tool
Bozok RAT C&C: Blackshades is the name of a malicious RAT (remote access trojan)
Quasar RAT C&C: QRAT is a botnet command & control server.
DarkComet Trojan: Crestron is a control system for building management
Zero Access Trojan: A port is open and a service is listening but we cannot identify it