Common TCP, UDP Ports, plus Tightening up Your Firewalls

Below is a list of common ports and protocols for use on your Windows and Linux firewalls, switch ACL’s, network firewalls, and of course cloud architecture like Azure Network Security Groups (NSG’s).

To add some color to what may be a boring subject, I’m very accustomed to blocking all outbound Internet traffic and then only permitting necessary outbound flows. In doing so, you will continuously need to add new ACL’s or maintain or delete existing ones as things change in the environment. Knowing the ports and protocols that common services use is key.

To elaborate on above, an example of restricting the outbound (LAN to WAN) traffic while permitting only necessary traffic (including Internet access) is below. The example gets the basics in place including time, DNS, and web traffic. Make sure your endpoint devices use internal DNS and time infrastructure only. Only permit your DNS and time sources to connect to specific external DNS and NTP services that you trust.

Action/Desc	Protocol	Source	Destination	Ports
Permit – NTP, for authoritative time server (usually a DC)	udp	172.16.21.10/32	pool.ntp.org	123
Permit – DNS infra, like an AD DC	udp	172.16.21.10/32 172.16.21.11/32	208.67.222.222 208.67.220.220	53
Permit – Web, http and https	tcp	172.16.21.0/24	Any	80, 443
Deny – All	Any	Any	Any	Any

Of course, ALL incoming traffic (WAN to LAN) should be blocked. A DMZ should be considered if you need to expose inside services to the public Internet

Below is the more comprehensive list of ports, protocol, service, and purpose.

Port	Protocol	Service	Brief Purpose
20/21	TCP	FTP	File Transfer Protocol. 21 for commands, 20 for data.
22	TCP	SSH	Secure Shell. Encrypted remote login and file transfers (SFTP).
23	TCP	Telnet	Old, unencrypted remote login. Avoid using on public networks.
25	TCP	SMTP	Simple Mail Transfer Protocol. Used for server-to-server email.
53	UDP/TCP	DNS	Domain Name System. Translates names to IP addresses.
67/68	UDP	DHCP	Assigns IP addresses to devices on a local network.
69	UDP	TFTP	Trivial FTP. Simple, no-auth file transfer for booting hardware.
80	TCP	HTTP	Unencrypted web traffic.
88	UDP/TCP	Kerberos	Network authentication, primarily for Windows Domains.
110	TCP	POP3	Post Office Protocol v3. Retrieves email from a server.
123	UDP	NTP	Network Time Protocol. Syncs clocks across the internet.
143	TCP	IMAP	Internet Message Access Protocol. Synced email retrieval.
161/162	UDP	SNMP	Simple Network Management Protocol. Monitors network health.
389	TCP/UDP	LDAP	Accessing and maintaining distributed directory services.
443	TCP	HTTPS	Secure, encrypted web traffic (TLS/SSL).
445	TCP	SMB	Windows file sharing and printer access.
500	UDP	ISAKMP	Used to set up IPsec VPN security associations.
514	UDP	Syslog	Standard for sending system log messages to a server.
587	TCP	SMTP (TLS)	Modern secure port for sending/submitting email.
636	TCP	LDAPS	Secure LDAP over SSL/TLS.
993	TCP	IMAPS	Secure IMAP over SSL/TLS.
995	TCP	POP3S	Secure POP3 over SSL/TLS.
1433	TCP	MSSQL	Microsoft SQL Server database communication.
1812/1813	UDP	RADIUS	Authentication (1812) and Accounting (1813) for Wi-Fi/VPN.
1900	UDP	UPnP	Discovery for smart devices (TVs, printers) on a LAN.
3268/3269	TCP	GC	Active Directory Global Catalog (3269 is the SSL version).
3306	TCP	MySQL	Default port for MySQL and MariaDB databases.
3389	TCP	RDP	Microsoft Remote Desktop for graphical remote access.
5060/5061	UDP/TCP	SIP	Voice over IP (VoIP) signaling and call setup.
5432	TCP	Postgres	Default port for PostgreSQL databases.
6379	TCP	Redis	High-speed, in-memory data store and caching.
8080	TCP	HTTP-Alt	Common alternative for web servers or proxy services.
8443	TCP	HTTPS-Alt	Common alternative for secure web management consoles.
27017	TCP	MongoDB	Standard port for MongoDB NoSQL databases.