What ports should always be open?
- 20 – FTP (File Transfer Protocol)
- 22 – Secure Shell (SSH)
- 25 – Simple Mail Transfer Protocol (SMTP)
- 53 – Domain Name System (DNS)
- 80 – Hypertext Transfer Protocol (HTTP)
- 110 – Post Office Protocol (POP3)
- 143 – Internet Message Access Protocol (IMAP)
- 443 – HTTP Secure (HTTPS)
Arguably the single most famous port on the Internet, TCP port 80 is the default that HyperText Transfer Protocol Web servers listen on for Web browser requests. Port 443 is the default for secure HTTP.
If port 80 is open, that means your router allows incoming and/or outgoing connections using that port. If you are running a server application that uses HTTP, it is usually necessary for port 80 to be open.
HTTPS Port 443 offers encrypted communication between the web browser and web server, making the data unreadable for any data breach. Hence, connecting through HTTPS Port 443 for web browsing certainly wins hands down over establishing an unsafe HTTP Port 80 connection for web surfing.
This port should be blocked. Port 21 – Used by FTP to allow file transfers. Most hosts on your network are not intended to be FTP Servers - don't leave doors open that don't need to be open. Also consider using Secure FTP (SFTP) instead or other methods of encrypted file transfer instead of unencrypted FTP.
Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)
They're especially vulnerable to cross-site scripting, SQL injections, cross-site request forgeries and DDoS attacks.
Answer: Open the Run command and type cmd to open the command prompt. Type: “netstat –na” and hit enter. Find port 445 under the Local Address and check the State. If it says Listening, your port is open.
Port 443 is a virtual port that computers use to divert network traffic. Billions of people across the globe use it every single day. Any web search you make, your computer connects with a server that hosts that information and fetches it for you. This connection is made via a port – either HTTPS or HTTP port.
What is port number 8080 used for? Port number 8080 is usually used for web servers. When a port number is added to the end of the domain name, it drives traffic to the web server. However, users can not reserve port 8080 for secondary web servers.
With port 443, the connection is much more secure as the information is encrypted through SSL/TLS (secure sockets layer/transport layer security). With port 80, all information is transferred in plaintext and available to anyone to see. Port 443 is the global standard port for HTTPS traffic.
What ports are vulnerable?
- FTP (20, 21) FTP stands for File Transfer Protocol. ...
- SSH (22) SSH stands for Secure Shell. ...
- SMB (139, 137, 445) SMB stands for Server Message Block. ...
- DNS (53) DNS stands for Domain Name System. ...
- HTTP / HTTPS (443, 80, 8080, 8443) ...
- Telnet (23) ...
- SMTP (25) ...
- TFTP (69)
It's the applications and services listening on these ports. Attackers can easily exploit weaknesses in the applications listening on a port. Hackers can take advantage of security vulnerabilities in older, unpatched software, weak credentials, and misconfigured services to compromise a network.

The new default start port is 49152, and the new default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.