UpGuard scans for open ports and, if an open port is found, attempts to identify the service running on that port. While open ports aren't necessarily dangerous, they can expose services that are misconfigured, unpatched, vulnerable to exploits, or protected by poor network security.

UpGuard identifies and monitors for over 150 known services that can be exposed by open ports. If we are unable to identify a service, a risk is still raised and reported as an exposed unknown service.

The services UpGuard identifies via port scanning are:

  • AMQP: Advanced Message Queuing Protocol - provides access to a queue of data
  • AndroMouse: Android mouse and keyboard interface
  • Apache CouchDB: An open-source No-SQL database
  • Apache Kafka: A real-time data streaming platform
  • Apple Airport: AirPort Wifi support/service
  • Apple Remote Desktop: Remote Desktop for Apple products
  • BACnet: BACnet is a communications protocol for Building Automation and Control (BAC) networks
  • Beanstalk Daemon: Beanstalk is a simple, fast work queue
  • BGP: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information
  • Bitcoin Daemon: Runs on a Bitcoin node
  • Blackshades C&C: Blackshades is the name of a malicious RAT (remote access trojan)
  • Cassandra DB: Apache Cassandra is a free and open-source, distributed, wide column store, NoSQL database management system
  • CheckPoint Firewall: Get hostnames for the CheckPoint firewall and management station
  • Cisco Install: An access point for Cisco Smart Install feature
  • Citrix ICA: Citrix ICA is a proprietary protocol for an application server system
  • ClamAV: An open source antivirus engine for detecting trojans, viruses, malware & other malicious threats
  • CoAP: CoAP is a service layer protocol allowing nodes on a constrained network to be accessed over the internet
  • Coffee Status: This is a smart coffee machine
  • Coffee Machine: This is a coffee machine or kettle
  • ConsulDiscovery: Consul is a service discovery solution
  • Crestron SSN: Crestron is a control system for building management
  • DarkTrack RAT: Another malicious RAT (remote access trojan)
  • DB2: IBM DB2 database server
  • DHCP: DHCP server interface
  • DHT Peer List: Allows peer discovery using a distributed hash table
  • DICOM: DICOM provides an interface for handling, storing, receiving of medical imaging data
  • Dictionary: Dictionary server using the DICT protocol
  • Digi Realport: Digi Realport (IoT wifi interfacing device) interface service
  • DNP3: DNP3 is a set of communications protocols used between components in process automation systems
  • DNS: Domain Name System - nuts and bolts of the internet
  • Door Controller: VertX/Edge door controller
  • Dovecot Pigeonhole: Pigeonhole adds support for the Sieve language (RFC 5228) and the ManageSieve protocol (RFC 5804) to the Dovecot Secure IMAP Server
  • DVR SerialNo: Interface directly to a Dahua DVR device
  • Echo: A service in the Internet Protocol Suite that can be used for DoS attacks
  • ElasticSearch: Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents
  • Erlang: A general-purpose, concurrent, functional programming language, and a garbage-collected runtime system
  • ETCD: A distributed, reliable key-value store for the most critical data of a distributed system
  • Ethereum: Ethereum is both a cryptocurrency and a decentralized computing platform.
  • Ethernet/IP: Ethernet/IP is an industrial network protocol that adapts the Common Industrial Protocol to standard Ethernet
  • Flux LED State: Control interface of a Flux LED light bulb.
  • FTP: The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files
  • FTP (Anonymous): The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files
  • Ganglia XML Grid monitor: Ganglia is a scalable, distributed monitoring tool for high-performance computing systems, clusters, and networks
  • Gardasoft Controller: High intensity LED lighting controller
  • Gearman queue: An open-source application framework designed to distribute appropriate computer tasks to multiple computers
  • GE SRTP Status: The GESRTP DAServer provides access to data within the GE Fanuc family of PLCs.
  • Gh0st RAT: Another malicious RAT (remote access trojan)
  • Git: Git is a distributed version control system
  • GRPS Tunnel: A group of IP-based communications protocols used to carry general packet radio service (GPRS) within GSM, UMTS, and LTE networks
  • HARTIP: Allows HART automation device data to be accessed over IP networks
  • HBaseDB: Apache HBase™ provides random, realtime read/write access to your Big Data
  • HDD Temp: Hard Drive statistics information
  • HiFly Lighting Control: Control interface of a HiFly LED lighting system
  • HTTP: Standard internet HTTP protocol
  • HTTPS: Standard, encrypted internet HTTP protocol
  • z/OS NJE: An NJE network is comprised of nodes that can transmit or receive a unit of work
  • IDENTD: An Internet protocol that helps identify the user of a particular TCP connection
  • iDevice Property List: Get property data from an iDevice
  • IEC-104: IEC-104 is a standard for telecontrol equipment and systems with coded bit serial data transmission in TCP/IP
  • IEC-61850: IEC-61850 is an object-oriented control-system protocol as compared to older protocols which are signal-oriented
  • IKE VPN: VPN implementation based on IKE (Internet Key Exchange)
  • IMAP: IMAP mail service
  • IOTA: IOTA is a quantum-resistant distributed ledger protocol and digital currency.
  • IPMI: IPMI defines a set of interfaces for out-of-band management of computer systems and monitoring of their operation
  • ISCSI: Allows SCSI commands to be sent over TCP/IP
  • Java RMI: Java's Remote Method Invocation interface
  • Kerberos: A ticket-based node identity protocol for mutual authentication
  • KilerRAT C&C: Another malicious RAT (remote access trojan)
  • KNX: KNX is a manufacturer-independent protocol for networking home and building system technologies
  • Lantronix Setup: Enables communication between a computer and a serial device, or from one serial device to another, over Ethernet or the Internet using “serial tunneling.”
  • LDAP: TCP/IP based directory service
  • LDAP SSL: TCP/IP based directory service
  • LibreOffice Impress: Allows remote control of an Impress slideshow via a mobile device
  • Lotus Notes: Various ports for Lotus Notes servers
  • Matrikon OPC: OPC provides a mechanism for reading industrial device configuration data over TCP/IP
  • MDNS: Multicast DNS service
  • memcached: A distributed memory object caching system
  • Microsoft Windows RPC: Microsoft RPC (Microsoft Remote Procedure Call) is a modified version of Distributed Computing Environment / Remote Procedure Calls
  • Minecraft: Running a Minecraft server
  • Mitsubishi EQ PLC: Programmable logic controller used for industrial automation
  • Modbus: Modbus is a serial communications protocol for use with its programmable logic controllers (PLCs)
  • Monero: Monero is a decentralized cryptocurrency, meaning it is secure digital cash operated by a network of users
  • MongoDB: MongoDB is a document-oriented NoSQL database
  • Moxa Nport: The Nport is a serial device server, providing a TCP/IP interface to one or more serial devices
  • MQTT Broker: An MQTT broker is a server that receives MQTT messages from clients and then routes the messages to appropriate destinations
  • MSA Outlook: Microsoft Outlook email service
  • Munin Node: Munin is an open-source computer system monitoring, network monitoring, and infrastructure monitoring software application
  • Mumble: Mumble is a voice over IP application primarily designed for use by gamers
  • MySQL: MySQL is an open-source relational database
  • NanoCore RAT: NanoCore is a trojan
  • NAT-PMP: NAT-PMP is a network protocol for establishing network address translation (NAT) settings and port forwarding configurations
  • NetBIOS: NetBIOS provides services allowing applications on separate computers to communicate over a local area network
  • NetMobility: NetMobility is an LTE network monitoring product
  • Network News: NNTP is the protocol used to connect to Usenet servers and transfer newsgroup articles between systems over the Internet
  • NFS: Network File System (NFS) is a distributed file system protocol
  • njRAT C&C: njRAT, also known as Bladabindi, is a trojan
  • NTP: Network Time Protocol (NTP) is a networking protocol for clock synchronization
  • Nuclear RAT: Nuclear RAT is a trojan
  • Omron PLC: Omron PLC is a programmable logic controller
  • Onvif Camera: ONVIF is a camera interface
  • OPC UA: OPC Unified Architecture is a machine to machine communication protocol for industrial automation
  • OpenVPN: OpenVPN is open source commercial VPN software
  • Oracle TNS Listener: TNS is a protocol for connecting to Oracle databases
  • pcAnywhere Status: pcAnywhere is remote control software from Symantec
  • PC WORX: PC WORX is software for programming Phoenix Contact electronics devices
  • PLC5: PLC-5 is a programmable logic controller from Rockwell Automation
  • PLC ProConOs: ProCon OS is a protocol for programmable logic controllers
  • Poison Ivy RAT: Poison Ivy is a trojan
  • POP3: POP3 is a client/server protocol for email
  • portmapper: Portmap returns a list of running processes and their ports on a node
  • PostgresSQL: PostgreSQL is an open-source relational database
  • Poppassd: Poppassd is a program that changes system passwords thus allowing users to change their mail passwords
  • PPTP: The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks
  • Printer: This is a networked printer
  • Printer Status: This is a networked printer
  • QRAT C&C: QRAT is a botnet command & control server
  • QUIC HTTP: QUIC is a proposed replacement for TCP to improve the speed of HTTP traffic
  • Redis: Redis is a key-value database
  • Red Lion HMI: Red Lion HMI devices running CrimsonV3. Red Lion's HMI operator panels enable customers to control processes across a range of industries
  • RemCos Pro RAT: RemCos Pro is a remote access/keylogger tool
  • Remote Desktop: RDP is Microsoft's remote desktop protocol
  • Riak: Riak is a key-value database
  • RIP: RIP is the Routing Information Protocol
  • rpcbind: rpcbind can list active RPC services on a machine
  • RSYNCD: Rsync is a utility for synchronizing local and remote directories
  • RTSP: The Real-Time Streaming Protocol (RTSP) is used to control multimedia streaming, such as from IP cameras or DVRs
  • RTXP Ripple: Ripple is a cryptocurrency
  • S7: S7 is a proprietary protocol developed by Siemens for communicating with their Programmable Logic Controllers
  • SAProuter: SAProuter is used to establish a remote connection between SAP and a customer's network
  • SCPI: Standard Commands for Programmable Instruments (SCPI) is a protocol primarily used for communicating with lab equipment
  • SIP: Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video, and messaging applications
  • Smart Meter: Kamstrup Smart Meter for metering energy and water
  • Samba: Server Message Block (SMB) is a protocol for shared access to files, printers, and serial ports between nodes on a network
  • SMB: Server Message Block (SMB) is a protocol for shared access to files, printers, and serial ports between nodes on a network
  • SMTP: Simple Mail Transfer Protocol (SMTP) is a protocol used for sending email
  • SNMP: Simple Network Management Protocol (SNMP) is a protocol for collecting information from and configuring various types of networked devices
  • SQLServer Monitor: Microsoft SQL Server is a relational database
  • SQLServer: Microsoft SQL Server is a relational database
  • SQL Server: Microsoft SQL Server is a relational database
  • SSH: Secure Shell (SSH) is a protocol for securely operating network devices
  • StatsD: StatsD is a daemon for collecting statistics
  • Steam: Steam-based dedicated server for online gaming
  • Subversion: Apache Subversion is a software versioning and revision control system distributed
  • TACACS+ AAA: Check whether the device supports TACACS+ AAA
  • Tank Gauge
  • TC-B: TC-B service
  • TeamViewer: TeamViewer service
  • Telnet: Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection
  • Tibia: Tibia (video game) service
  • TOR Control: Tor Control Service
  • TOR OR: Tor Onion Router
  • Torrent Tracker: BitTorrent tracker service
  • IBM/Toshiba 4690 POS: Service for remote management of the IBM / Toshiba 4690
  • Tridium FOX: FOX protocol by Tridium
  • TUYA API: Tuya API service
  • Ubiquiti: Service for retrieving information about a Ubiquiti-powered access point
  • Udpxy: UDPXY service (IPTV stream relay)
  • Unitronics PLC PCOM: Service for collecting device information for Unitronics PLCs via PCOM protocol
  • Unknown: Service for collecting device information for Unitronics PLCs via PCOM protocol
  • UPnP: UPnP Service
  • Ventrilo: Service for retrieving detailed status information from a Ventrilo server
  • VNC: Virtual Network Computing is a graphical desktop sharing system that uses the Remote Frame Buffer protocol to remotely control another computer
  • VoldemortDB: Voldemort is a distributed data store that was designed as a key-value store used by LinkedIn for highly-scalable storage
  • VxWorks WDB agent: WDB agent (used for debugging) on a VxWorks device
  • Web cache: A Web cache (or HTTP cache) is an information technology for the temporary storage (caching) of Web documents, such as Web pages, images, and other types of Web multimedia, to reduce server lag
  • Oracle WebLogic T3: T3 is the protocol used to transport information between WebLogic servers and other types of Java programs
  • Wemo Link: Wemo Link service
  • WHOIS: WHOIS service
  • X11: X11 service running, and with the ability to grab the resulting banner with no auth
  • XMPP Daemon: Extensible Messaging and Presence Protocol service
  • Yahoo Smart TV: A port is open and a service is listening but we cannot identify it
  • Zookeeper Node: A port is open and a service is listening but we cannot identify it
  • Apple RemoteDesktop VNC: Remote Desktop for Apple products
  • Ares RAT C&C: Ares is a remote access tool
  • Bozok RAT C&C: Blackshades is the name of a malicious RAT (remote access trojan)
  • Quasar RAT C&C: QRAT is a botnet command & control server.
  • DarkComet Trojan: Crestron is a control system for building management
  • Zero Access Trojan: A port is open and a service is listening but we cannot identify it