June 7, 2023

Ports are numbers used in the TCP and UDP protocols to identify applications. While some applications use well-known port numbers, such as 80 for HTTP or 443 for HTTPS, others use dynamic ports. An open port is a port on which a system is accepting communication.

An open port does not in itself mean a security issue, but it can give attackers a pathway to the application listening on that port. Attackers can then exploit shortcomings such as weak credentials, missing two-factor authentication, or even vulnerabilities in the application itself.

When exposed to the Internet, open ports can serve attackers as an initial attack vector. Furthermore, ports listening on a local network can be used for lateral movement. It is good practice to close ports or at least limit them to a local network. If necessary, you can make applications accessible to remote workers via a secure VPN.

Scanning tools, used by both attackers and security professionals, automate the detection of open ports. Many network-based IDS/IPS solutions, and even workstation-based endpoint security solutions, can detect port scanning. It is worthwhile to investigate port scanning originating from inside the local network, as it often means a compromised device. However, computers running some security solutions can generate false positives, because vendors of security solutions include a port scanner to detect vulnerable devices inside a home network.
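One way to triage scanning that originates inside the local network, as an added example that is not part of the original post: it flags local sources that touch many distinct host/port targets within a short window and separates hosts known to run a security product's scanner. The log format, the thresholds, and the `known_scanners` allow-list are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def parse(log_text):
    """Parse lines of 'epoch_seconds src_ip dst_ip dst_port' (assumed log format)."""
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield int(ts), src, dst, int(port)

def peak_targets(events, window):
    """Largest number of distinct (dst, port) targets seen within any `window` seconds."""
    events = sorted(events)
    seen, start, best = Counter(), 0, 0
    for ts, target in events:
        seen[target] += 1
        while events[start][0] <= ts - window:    # expire events older than the window
            old = events[start][1]
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
            start += 1
        best = max(best, len(seen))
    return best

def find_internal_scanners(log_text, local_net, window=60, min_targets=15, known_scanners=()):
    """Map each local source over the threshold to (verdict, peak distinct targets)."""
    net = ipaddress.ip_network(local_net)
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        if ipaddress.ip_address(src) in net:      # only scans coming from inside the LAN
            by_src[src].append((ts, (dst, port)))
    findings = {}
    for src, events in by_src.items():
        peak = peak_targets(events, window)
        if peak >= min_targets:                   # threshold is an assumed tuning value
            findings[src] = ("known-scanner" if src in known_scanners else "investigate", peak)
    return findings

# Constructed sample log (private and documentation addresses, not real traffic).
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} 192.168.1.50 192.168.1.10 {20 + i}" for i in range(25)]           # fast port sweep
    + [f"{1000 + i} 192.168.1.2 192.168.1.{10 + i} 445" for i in range(30)]          # security product
    + [f"{1000 + 120 * i} 192.168.1.20 192.168.1.10 {8000 + i}" for i in range(20)]  # slow, ordinary use
    + [f"{1000 + i} 203.0.113.7 192.168.1.10 {i + 1}" for i in range(40)]            # external source
)

if __name__ == "__main__":
    print(find_internal_scanners(SAMPLE_LOG, "192.168.1.0/24", known_scanners={"192.168.1.2"}))
```

The allow-listed host is still reported, with a separate verdict, so that a compromised device hiding behind a scanner's address does not go unseen.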

Below is a list of infection vectors that abuse the respective ports:

| Port | Infection Vectors |
|------|-------------------|
| 22 | Shaft, SSH RAT |
| 23 | Tiny Telnet Server |
| 25 | Antigen, Email Password Sender |
| 26 | Badpatch |
| 31/456 | Hackers Paradise |
| 53 | Denis Ebury |
| 68 | Mspy |
| 80 | Necurs, NetWire |
| 113 | Shiver |
| 139 | Nuker |
| 421 | TCP Wrappers Trojan |
| 443 | TrickBot, UBoatRAT, Carbanak |
| 445 | Wannacry |
| 456 | Hackers Paradise |
| 555 | Ini-Killer |
| 666 | Satanz Backdoor |
| 1001 | Silencer |
| 1011 | Doly Trojan |
| 1026/64666 | RSM |
| 1095-98 | RAT |
| 1170 | Psyber Stream Server |
| 1177 | njRAT |
| 1234 | Ultors Trojan |
| 1234/12345 | Valvoline |
| 1243 | Sub Seven 1.0-1.8 |
| 1243/6711/6776/27374 | Sub Seven |
| 1245 | VooDoo Doll |
| 1777 | Java RAT |
| 1349 | Back Office DLL |
| 1492 | FTP99CMP |
| 1433 | Misdat |
| 1600 | Shivka-Burka |
| 1604 | DarkComet AT |
| 1807 | SpySender |
| 1863 | XtremeRAT |
| 1981 | Shockrave |
| 1999 | BackDoor 1.00-1.03 |
| 2001 | Trojan Cow |
| 2115 | Bugs |
| 2140 | The Invasor |
| 2140/3150 | Deep Throat |
| 2155 | Illusion Mailer |
| 2801 | Phineas Phucker |
| 3129 | Masters Paradise |
| 3131 | Subsari |
| 3150 | The Invasor |
| 3389 | RDP |
| 3700/9872-9875/10067/10167 | Portal of Doom |
| 4000 | RA |
| 4567 | File Nail 1 |
| 4590 | ICQTrojan |
| 5000 | Bubbel |
| 6267 | GW Giri |
| 6400 | Thing |
| 6666 | KillRat |
| 6667/12349 | Bionet MagicHound |
| 6670-71 | DeepThroat |
| 6969 | GateCrasher, Priority |
| 7000 | Remote Grab |
| 7300-08 | NetMonitor |
| 7300/31338/31339 | Net Spy |
| 7597 | Qaz |
| 7626 | Gdoor |
| 7777 | GodMsg |
| 7789 | ICKiller |
| 8000 | BADCALL, Comnie |
| 8012 | Ptakks |
| 8080 | Zeus, APT 37, FIN 7 |
| 8443 | FelixRoot, Nidiran |
| 8787/54321 | BackOfrice |
| 9989 | Ini-Killer |
| 10048 | Delf |
| 10100 | Gift |
| 10607 | Coma |
| 11000 | Senna Spy |
| 11223 | Progenic Trojan |
| 12223 | Hack’99 Key Logger |
| 12345-46 | GabanBus |
| 12361/12362 | Whack-a-Mole |
| 16969 | Priority |
| 20001 | Millenium |
| 20034/1120 | NetBus |
| 21544 | Girl Friend |
| 22222 | Prosiak |
| 22222 | Rux |
| 23432 | Asylum |
| 23456 | Evil FTP |
| 25685 | Moon Pie |
| 26274 | Delta |
| 30100-02 | NetSphere |
| 31337-38 | Back Orifice |
| 31338 | DeepBO |
| 31339 | NetSpyDK |
| 31666 | BOWhack |
| 33333 | Prosiak |
| 34324 | BigGluck, TN |
| 40412 | The Spy |
| 40421-26 | Masters Paradise |
| 47262 | Delta |
| 50766 | Fore |
| 53001 | Remote Windows Shutdown |
| 54321 | SchoolBus |
| 61466 | Telecommando |
| 65000 | Devil |
