Port 21 (tcp/udp) :: SpeedGuide

Main Broadband Articles Forums Info

Main Broadband Articles Forums Info Login Please Login Shortcuts 5300+ Routers 65535 Ports FAQs Glossary SG Broadband Tools SG IP Locator SG Network Tools SG Security Scan SG Speed Test TCP/IP Analyzer TCP/IP Optimizer

Home » Ports Database » Port Details Port 21 Details known port assignments and vulnerabilities threat/application/port search: Port(s) Protocol Service Details Source 21 tcp FTP File Transfer Protocol [RFC 959] - some network devices may be listening on this port, such as NAT routers for remote access/private cloud storage and network attached multi-function printers (scan to ftp feature). Asus RT routers may open an internet accessible FTP server for USB-attached storage, configurable in administration panel under "USB Application > Servers Center > FTP Share" Trojan horses/backdoors that also use this port: 7tp trojan, MBT, Back Construction, Blade Runner, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, Fore, Invisible FTP, Juggernaut 42, Larva, MotIv FTP, Nerte 7.8.1, Net Administrator, Ramen, Senna Spy FTP server, The Flu, Traitor 21, WebEx, WinCrash, W32.Mytob.AE@mm [Symantec-2005-040915-5504-99], W32.Sober.N@mm [Symantec-2005-041910-4132-99], W32.Bobax.AF@mm [Symantec-2005-081611-4121-99] - a mass-mailing worm that opens a backdoor and lowers security settings on the compromised computer. It exploits the MS Plug and Play Buffer Overflow vulnerability (MS Security Bulletin [MS05-039]) on port 21/tcp., and by sending copies of itself to gathered email addresses. Also opens a backdoor on a random tcp port and/or port 80/udp. W32.Loxbot.C [Symantec-2006-010515-3159-99] (2006-01-05) FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data. References: [CVE-2002-0779] TURCK BL20 / BL67 could allow a remote attacker to bypass security restrictions, caused by the use of hardcoded credentials for the FTP service. An attacker could exploit this vulnerability using TCP port 21 to gain administrative access to the device. References: [CVE-2012-4697], [XFDB-84351] The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21. References: [CVE-2015-7261] The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. References: [CVE-2015-3968] A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. References: [CVE-2017-6872], [BID-99473] A vulnerability has been identified in SiNVR 3 Central Control Server (CCS) (all versions), SiNVR 3 Video Server (all versions). The two FTP services (default ports 21/tcp and 5411/tcp) of the SiNVR 3 Video Server contain a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server, if the FTP services are enabled. References: [CVE-2019-19296] Backdoor.Win32.Delf.zho / Authentication Bypass RCE - the malware listens on TCP port 21 and TCP ports 14920 to 14923. Third-party attackers who can reach the system can logon using any username/password combination. Attackers may then upload executables using ftp PASV, STOR commands, this can result in remote code execution. References: [MVID-2021-0205] ReverseTrojan by satan_addict listens on TCP ports, 12000 and 21. The malware accepts empty credentials for authentication as the default settings are set to blank. Third-party attackers who can reach an infected host can potentially gain access to the machine before or if no password is set. References: [MVID-2021-0256] Backdoor.Win32.Wollf.16 / Authentication Bypass - the malware listens on TCP port 1015 and has an FTPD feature that when enabled listens on TCP port 21. Third-party attackers who can reach an infected system can logon using any username/password combination. References: [MVID-2022-0462] Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution - the malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the backdoor. References: [MVID-2022-0641] SG 21 udp FSP FSP/FTP [RFC959] SG 21 tcp FTP - control (command) (official) Wikipedia 21 tcp trojan ADM worm, Back Construction, Blade Runner, BlueFire, Bmail, Cattivik FTP Server, CC Invader, Dark FTP, Doly Trojan, FreddyK, Invisible FTP, KWM, MscanWorm, NerTe, NokNok, Pinochet, Ramen, Reverse Trojan, RTB 666, The Flu, WinCrash, Voyager Alpha Force Trojans 21 tcp,udp ftp File Transfer [Control] SANS 21 tcp applications GeoVision DMIP Portforward 21, 80, 3389, 4550, 5550, 6550, 9650 tcp applications GeoVision TwinDVR with Webcam Portforward 21,80,3389,4550,5550,6550 tcp applications GeoVision Webcam Portforward 21,50000-50004 tcp applications Serv-U Portforward 21,1983 tcp applications Tales of Pirates Portforward 20,21 tcp applications vsftp Portforward 21 tcp,udp ftp File Transfer [Control] Nmap 21 tcp BackConstruction [trojan] Back Construction Neophasis 21 tcp BladeRunner [trojan] BladeRunner Neophasis 21 tcp CattivikFTPServer [trojan] Cattivik FTP Server Neophasis 21 tcp CCInvader [trojan] CC Invader Neophasis 21 tcp DarkFTP [trojan] Dark FTP Neophasis 21 tcp DolyTrojan [trojan] Doly Trojan Neophasis 21 tcp Fore [trojan] Fore Neophasis 21 tcp FreddyK [trojan] FreddyK Neophasis 21 tcp InvisibleFTP [trojan] Invisible FTP Neophasis 21 tcp Juggernaut42 [trojan] Juggernaut 42 Neophasis 21 tcp Larva [trojan] Larva Neophasis 21 tcp MotIvFTP [trojan] MotIv FTP Neophasis 21 tcp NetAdministrator [trojan] Net Administrator Neophasis 21 tcp Ramen [trojan] Ramen Neophasis 21 tcp RTB666 [trojan] RTB 666 Neophasis 21 tcp SennaSpyFTPserver [trojan] Senna Spy FTP server Neophasis 21 tcp Traitor21 [trojan] Traitor 21 Neophasis 21 tcp [trojan]TheFlu [trojan] The Flu Neophasis 21 tcp WebEx [trojan] WebEx Neophasis 21 tcp WinCrash [trojan] WinCrash Neophasis 21 tcp AudioGalaxy AudioGalaxy file sharing app Neophasis 21 tcp threat Back Construction Bekkoame 21 tcp threat Blade Runner Bekkoame 21 tcp threat Cattivik FTP Server Bekkoame 21 tcp threat CC Invader Bekkoame 21 tcp threat Dark FTP Bekkoame 21 tcp threat Doly Trojan Bekkoame 21 tcp threat Fore Bekkoame 21 tcp threat Invisible FTP Bekkoame 21 tcp threat Juggernaut 42 Bekkoame 21 tcp threat Larva Bekkoame 21 tcp threat MotIv FTP Bekkoame 21 tcp threat Net Administrator Bekkoame 21 tcp threat Ramen Bekkoame 21 tcp threat Senna Spy FTP server Bekkoame 21 tcp threat The Flu Bekkoame 21 tcp threat Traitor 21 Bekkoame 21 tcp threat W32.Bobax Bekkoame 21 tcp threat W32.Loxbot Bekkoame 21 tcp threat W32.Mytob Bekkoame 21 tcp threat WebEx Bekkoame 21 tcp threat WinCrash Bekkoame 21 tcp,udp ftp File Transfer Protocol [Control] [RFC959] IANA 21 sctp ftp FTP [RFC4960] IANA 56 records found SG security scan: port 21 jump to: Related ports: 20 443 1234 1235 1239 5410 12000 12122 14920 14923 « back to SG Ports External Resources SANS ISC: port 21 Notes: Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services. Well Known Ports: 0 through 1023. Registered Ports: 1024 through 49151. Dynamic/Private : 49152 through 65535. TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP. UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data. When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums. Please use the "Add Comment" button below to provide additional information or comments about port 21. User Reviews/Comments: rate: -- rating -- 5 - Excellent 4 - Good 3 - Average 2 - Poor 1 - Very Poor avg: by clairmont32 - 2014-02-18 11:29 Used by the Qakbot worm, which is known to do data exfiltration through FTP. Look for network logs showing seclog*.kcb files to determine if the exfiltration is attempting to take place. Related Links: SG Ports Database » Vulnerable Ports SG Security Scan » Scanned Ports » Commonly Open Ports SG Broadband Tools

Related Links All Known Ports All Vulnerable Ports Scanned Ports Open Ports Recently Updated Ports Popular Ports/Ranges SG Security Scan

Copyright © 1999-2025 Speed Guide, Inc. All rights reserved. About · Terms of Use · Privacy Policy · Change Ad Consent Do not sell my data

News Glossary of Terms

FAQs

Cool Links SpeedGuide Teams

SG Premium Services SG Gear Store

Registry Tweaks Broadband Tools

Downloads/Patches Broadband Hardware

SG Ports Database Security

Default Passwords User Stories

Broadband Security

Editorials General

User Articles Quick Reference

Broadband Forums General Discussions

Advertising Awards

Link to us Server Statistics

Helping SG About

News FAQs Glossary of Terms Cool Links SpeedGuide Teams SG Premium Services SG Gear Store XML - RSS Feeds Cable Modems FAQ DSL FAQ General Broadband FAQ General Windows FAQ Windows 7 FAQ Windows 8 FAQ Hardware FAQ General Networking FAQ Wireless Networking FAQ Mobile Networking FAQ Routers FAQ Satellite FAQ Security FAQ Site FAQ Speed Test FAQ TCP Analyzer FAQ TCP Optimizer FAQ Tweaking FAQ VoIP FAQ General Links Broadband Links Networking Links Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories Windows 2k/XP Registry Tweaks Windows 2k/XP - More Tweaks Windows 9x/ME Registry Tweaks Advanced Windows XP/9x Tweaking System.ini IRQ Tweak Host Resolution Priority Tweak Linux Broadband Tweaks Windows XP SP2 tcpip.sys connection limit patch LAN Tweaks for Windows XP, 2000, 2003 Server Internet Explorer, Chrome, Firefox Web Browser Tweaks Windows 2003 TCP/IP parameters Windows 7, Vista, 2008 Tweaks Windows Vista tcpip.sys connection limit patch for Event ID 4226 Gaming Tweaks LAN Tweaks for Windows 7, 8, 10 Quality of Service - ToS DSCP WMM Windows 10,11 TCP/IP Tweaks Android TCP/IP Speed Tweaks Windows 10 Manual TCP/IP Registry Tweaks SG TCP/IP Analyzer SG TCP/IP Optimizer SG Security Scanner SG Speed Test IP Address Locator MAC Address OUI Search Network Tools Bits/Bytes Calculator RWIN/BDP Calculator DSL Speed Calculator WLAN Key Generator Hash Generator TCP Optimizer Download TCP Optimizer Documentation Scanned Ports Commonly Open Ports All Ports Broadband Speed Test Test Stats Provider Stats Country Stats Mirror Stats Cable Horror Story Cable-Modem Security Worries D-Link DFL-300 VPN Router DSL Hell Get a Cable Modem - Go to Jail ??!? (external) Intermittent Cable signal It Figures - The need for a firewall MediaOne RoadRunner - Kicking in Network adapter MAC/OUI/Brand affect latency Road Runner Security - File and Print Sharing Router speed drop solved RR Tech Support Incompetence ... Short Stories and Fixes Squirrels and rain can slow down an ADSL modem... Telefonica Incompetence, Xenophobia or Fraud? The IP That Just Wouldn\'t Stick. Wireless Networks and WEP Broadband Security Editorials General User Articles Quick Reference Bits, Bytes and Bandwidth Reference Guide Ethernet auto-sensing and auto-negotiation How to Make Network Cables How to repair TCP/IP and Winsock How to set a Wireless Router as an Access Point Internet connection Sharing Internet Data Caps compared Network Adapter Optimization Router Configuration Guide TCP Congestion Control Algorithms Comparison The TCP Window, Latency, and the Bandwidth Delay product Windows 10 Anniversary updates to TCP Wireless Antenna Guide Wireless Network Speed Tweaks WLAN Primer General Security Guide How To Crack WEP and WPA Wireless Networks How to Secure your Wireless Network How to Stop Denial of Service (DoS) Attacks IRDP Security Vulnerability in Windows 9x Which VPN Protocol to use? Why encrypt your online traffic with VPN ? Cable Modems Technology Overview CISCO/VALVE PowerPlay MTU, what difference does it make ? Satellite Internet - What is it ? Server Based Network Guide Tom\'s Easy Home Networking Uncapping, The makings of a Semi-Myth How to Backup using Batch Files How to Backup using Batch Files under Windows 10 Ramdisk Guide SSD Linux Tweaks SSD Speed Tweaks Windows 2k/XP Tweaks Windows 9x Tweaks 5 Ways to Improve your Wireless Network Cable modem signal levels Cable Troubleshooting Guide Crimson Editor Difference between Routers, Switches and Hubs How DSL Internet Access Works ISPs hijack failed searches The History of DSL Internet Access Tips to improve your SNR Wi-Fi Standards Glossary Wireless Broadband service and LONG Range ADSL VPI, VCI and Encapsulation settings BIOS Error Codes Choosing RAM Type How to turn Wireless on/off in various Laptop models Linux TCP/IP parameters reference Subnetting and IPv4 Address Classes TCP Structure - Transmission Control Protocol The TCP/IP and OSI Network Models TLD Country Code Reference UDP - User Datagram Protocol Wireless LAN Standards Broadband Forums General Discussion Advertising Awards Link to us Helping SG About Server Statistics Copyright Privacy Policy