Open Router Ports & Their Security Implications [Technology Explained] (2024)

Your computers, servers, and routers communicate over the internet with external services, like web, database, and email servers. Ports are the portal through which these communications occur.

When you buy a new device, some ports—default open ports—are already configured to enable communications over the internet with certain services. Should you change these default open ports?

What Is a Default Open Port?

A default open port is a port number that is configured by default to accept internet connections and packets from specific services, using protocols such as Datagram Congestion Control Protocol (DCCP), Stream Control Transmission Protocol (SCTP), User Datagram Protocol (UDP), or Transmission Control Protocol (TCP).

For instance, when you buy a computer or router, you won't need to open or configure port 80 to access web servers, as port 80 is open by default. Most computer, server, and router manufacturers enable Hypertext Transfer Protocol (HTTP) communications between web servers and browsers over port 80 by default.

So although you can reconfigure port 80 for use with another service, it'll likely be configured for use with web servers out of the box.

Examples of Common Open Ports

According to the Internet Assigned Numbers Authority (IANA) 's Port Number Registry, there are over 65,000 ports. Ports 0–1023 are System Ports or Well-Known Ports. System ports are usually open and assigned to specific, well-known services. Meanwhile, ports 1024 to 65535 are typically registered by users, services, or processes. However, not all ports are used or open at any given time.

Default open ports mostly fall between ports 0–1023. However, while it's technically possible to use any port from 0 to 65,535 as the default port for any service, it's best to adhere to the established conventions to avoid compatibility issues. Remember port 80? If you set that to something other than HTTP traffic, you'll struggle to connect to internet services. Sure, you can change the port, but programs and service will follow their programming.

For instance, the default open port for the MySQL Server is port 3306 across Windows, macOS, and Linux operating systems. These are some other common open ports:

• Port 21 for File Transfer Protocol (FTP) Control
• Port 23 for Telnet
• Port 53 for Domain Name System (DNS) Service
• Port 110 for Post Office Protocol (POP3)/Authenticated Post Office Protocol (APOP)
• Port 139 for Server Message Block (SMB)/NetBIOS-ssn
• Port 5000 for Universal Plug and Play (UPNP)/network discovery protocol, mostly used in routers

Note that different default open ports may carry different names due to slight differences in specific services.

For example, Windows and Linux use port 67 to receive requests from Dynamic Host Configuration Protocol (DCHP) clients and 68 to send requests to DCHP servers, while macOS uses port 67 and 68 for the Bootstrap Protocol Server (bootps) and Bootstrap Protocol client (bootpc). But in reality, these ports are used for the same process, as DHCP is the extension of the Bootstrap Protocol, and it functions similarly on Windows, Linux, and macOS.

Should You Change the Default Open Ports?

You can change or reconfigure default open ports to help defend against automated cyberattacks—if you know what you're doing. Otherwise, changing default ports doesn't necessarily improve security, and in fact, you may create a vulnerability.

Default open ports aren't dangerous by themselves. They become dangerous when the service attached is unpatched or vulnerable to exploits. This can lead to services and hosts possibly getting compromised due to mistakes or malicious actors. A good example was the WannaCry ransomware attack, where infected systems searched the target network for devices receiving traffic on ports 135-139 or 445 (the ports for the SMB protocol).

Nevertheless, changing default open ports can complicate things for you. For instance, if you change the port HTTP uses, you'll have to update your web browsers to use the new port. So instead of changing your default ports to avoid cybersecurity risks, you can employ common open port check tools like Nmap and Wireshark to help you identify if your sensitive data are exposed or if your open ports are susceptible to cybersecurity risks.

Additionally, you may change default open ports to run multiple instances of one application on the same computer, access services like Remote Desktop, SQL Server, and Configuration Manager, or comply with your company's firewall rules.

How to Check Your Computer's Default Open Ports

There are two commands you can use on Windows, the netstat command on Linux, and the Terminal app on macOS to check the ports that are open on your computer or server. The open port is the number after the colon (:) after the IP address. For instance, in 111.122.1.23:80, 80 is the open port.

Similarly, you can connect your router to your computer using an Ethernet cable to check for your computer's default open ports.

See Also

How to see if Windows Firewall is blocking a port or program

With the Ethernet cable connected:

• Launch the Command Prompt on Windows, then input netstat -bn or netstat -a

  

• Launch the Terminal on Linux, then input ss -tln or netstat -tlpn

  

• With macOS, open the Terminal app, then input lsof -PiTCP -sTCP:LISTEN

  

Alternatively, enter your router's public IP address into a web browser. Then, navigate to Settings to view information about your computer's default open ports.

Note that this is to change the default ports on your computer. You'll need to use a tool like Nmap to scan your router ports.

How to Change Default Open Ports

The steps for changing default open ports will depend on the underlying service (HTTP, UPUP, MySQL, and so on) and your computer operating system. However, the steps are similar.

You'll need to find the configuration file for the service and locate the section defining the port you want to change. Then, you'll change the default port number to your preferred one. After changing it, you only have to save the configuration file and restart the service.

Let's assume you want to change the HTTP port from 80 to 8080. The main HTTP configuration file is httpd.conf (on Debian OS, it's apache2.conf), and you can get it from Apache HTTP Server.

First, download and set up an Apache Web Server on Linux or the relevant operating system.

After installation, httpd.conf may be located in:

• Linux: the /usr/pw/apache/conf directory
• macOS: the etc/apache2 directory
• Windows: the C:\wamp\Apache2\conf directory

You can run the httpd -v prompt in the Command Prompt or Terminal to confirm the file's exact location.

Once you've located the file, open it with a text editor and find the section defining the HTTP service port. You'll likely find Port 80 or Listen 80. Change 80 to 8080.

Then, save the configuration file and restart the Apache HTTP Server with the following command: pw process restart httpd

How to Change Your Router's Default Open Ports

Similarly, you can change your router's default HTTP open port from 80 to 8080 using a macOS, Windows, or Linux computer if it isn't hard-coded to the default port. Unfortunately, some routers don't allow users to change port configurations.

1. Open a web browser and insert your router's IP address into the address bar. Click Enter or Return, depending on your device, to navigate to the login page.
2. After logging into your router's settings page, go to the Device Administration, Management, or Advanced Settings page, depending on your device.

   

3. Then, search for the HTTP Port option; it'll likely be under the firewall tab. You can check your router's manual for the exact steps. But some routers, especially those provided by internet service providers (ISPs), do not allow you to change default open ports; they only enable port forwarding.

   

4. Alternatively, you can input HTTP Port into a Search bar if you see one.
5. You'll find that the default open port is 80. Change it to 8080, and save your changes.

Because changing your router's default port may affect how your router works, you may need to configure your firewall or other devices to allow the new port. Also, note that changing your router's default port differs from port forwarding, where you forward incoming traffic to a specific port.

Don't Change Default Open Ports Unless Absolutely Required

Changing default open ports may help you access certain services, comply with your company's firewall rules, or, less likely, avoid exposure to cyber vulnerabilities. However, it'll not solve your security issues; it might even introduce many more!

It's best to leave default open ports alone to avoid unnecessary complexities, compatibility issues, errors, and cyber vulnerabilities.