Open Server Ports: How to Check and Why It Matters for Security
Network ports are virtual entry points through which applications on a server accept network connections. Every open port is a potential attack vector. Understanding which ports are open on your server and why is the foundation of network security.
How Network Ports Work
An IP address identifies a server on the network, while a port identifies a specific application on that server. Together they form a socket, e.g., 93.184.216.34:443. There are 65,535 total ports, divided into three ranges:
| Range | Name | Description |
|---|---|---|
| 0–1023 | Well-known ports | Reserved for standard services (HTTP, SSL/TLS, SSH, FTP) |
| 1024–49151 | Registered ports | Assigned to specific applications (MySQL, PostgreSQL, Redis) |
| 49152–65535 | Dynamic ports | Used for temporary connections |
Common Ports and Services
| Port | Protocol | Service | Should Be Public? |
|---|---|---|---|
| 22 | TCP | SSH | Only with IP restrictions |
| 25 | TCP | SMTP | Only for mail servers |
| 53 | TCP/UDP | DNS | Only for DNS servers |
| 80 | TCP | HTTP | Yes (redirect to HTTPS) |
| 443 | TCP | HTTPS | Yes |
| 3306 | TCP | MySQL | No — localhost only |
| 5432 | TCP | PostgreSQL | No — localhost only |
| 6379 | TCP | Redis | No — localhost only |
| 8080 | TCP | HTTP alternative | Depends on use case |
| 27017 | TCP | MongoDB | No — localhost only |
Why Open Ports Are Dangerous
Expanded Attack Surface
Every open port runs a service that may contain vulnerabilities. More open ports mean more potential entry points for an attacker.
Common Port-Based Attacks
- SSH brute force (port 22) — automated password guessing. Thousands of bots constantly scan the internet for open SSH.
- Database exposure (ports 3306, 5432, 27017) — unprotected databases accessible from the internet are a leading cause of data breaches.
- Redis without auth (port 6379) — an open Redis instance allows writing an SSH key and gaining full server access.
- Vulnerable service exploits — outdated software on open ports gets exploited by automated scanning tools.
How to Check Open Ports
From Inside the Server
# All listening TCP ports (add -u for UDP; run as root to see process names)
ss -tlnp
# or
netstat -tlnp
# Specific port
ss -tlnp | grep :3306
From Outside (Scanning)
# nmap — scan common ports
nmap example.com
# Specific ports
nmap -p 22,80,443,3306,6379 example.com
# Service version detection
nmap -sV example.com
Online Tools
For quick checks without installing nmap, use online port checking tools. Enterno.io provides a Ping tool with TCP port checking capabilities.
How to Secure Open Ports
1. Firewall (iptables / ufw / firewalld)
The primary defense tool is a firewall. Principle: deny everything, allow only what's necessary.
# UFW (Ubuntu)
ufw default deny incoming
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow from 1.2.3.4 to any port 22 # SSH from your IP only
ufw enable
2. Bind to localhost
Services that don't need external access should listen only on 127.0.0.1:
# MySQL: my.cnf
bind-address = 127.0.0.1
# Redis: redis.conf
bind 127.0.0.1
# PostgreSQL: postgresql.conf
listen_addresses = 'localhost'
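After changing these settings and restarting the services, confirm that the bind actually took effect. The following is an added example, not part of the original article: a shell function that reads `ss -tlnH` output and lists any listener on the "localhost only" ports from the table above that is bound to a non-loopback address. The function names and the sample lines are constructed for illustration, and the column position assumes the plain `ss -tlnH` layout.

```shell
#!/bin/sh
# Added example: flag "localhost only" services bound to a non-loopback address.
# Input on stdin: output of `ss -tlnH` (TCP, listening, numeric, no header).

# Ports the table above marks as "localhost only".
SENSITIVE_PORTS="3306 5432 6379 27017"

exposed_listeners() {
    awk -v ports="$SENSITIVE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        la = $4                          # Local Address:Port column
        i = match(la, /:[0-9]+$/)        # position of the final ":port"
        if (i == 0) next
        addr = substr(la, 1, i - 1)
        port = substr(la, i + 1)
        if (!(port in want)) next        # not a port we care about
        # Loopback binds are fine: 127.0.0.0/8 and ::1
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print port " " addr              # anything else is reachable off-host
    }' | sort -n
}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 151  127.0.0.1:3306  0.0.0.0:*
LISTEN 0 244  0.0.0.0:5432    0.0.0.0:*
LISTEN 0 511  [::1]:6379      [::]:*
LISTEN 0 511  192.0.2.10:6379 0.0.0.0:*
LISTEN 0 4096 *:27017         *:*
EOF
}

# Demo on the sample; on a real server run: ss -tlnH | exposed_listeners
sample_ss_output | exposed_listeners
```

An empty result means every listed service is bound to loopback only. Ports 22 and 443 are ignored here because the table treats them as legitimately public.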
3. Change Default Ports
Changing the SSH port from 22 to a non-standard one (e.g., 2222) isn't true security, but it significantly reduces automated attack noise.
4. Fail2ban
Fail2ban monitors logs and blocks IPs after repeated failed connection attempts:
# Install
apt install fail2ban
# Check status
fail2ban-client status sshd
5. VPN / SSH Tunnels
For admin interfaces (control panels, databases, monitoring dashboards), use VPN or SSH tunnels instead of exposing ports to the internet.
Port Security Checklist
- Scan your server from both inside and outside
- Close all ports except those required (80, 443)
- Bind databases and caches to localhost
- Restrict SSH by IP or use VPN
- Install fail2ban for SSH
- Set up monitoring for open ports
- Regularly update software on all exposed services