Cloud

Risky Services

Learn about services that Illumio considers to be at risk. For information on Risk Reports, see Risk Reports.

Ransomware Risky Services

The following is a list of services that Illumio considers to be at risk for ransomware penetration and lateral movement.

| Service | Service Name | Protocol | Port Number | Severity |
|---|---|---|---|---|
| HTTP | S-HTTP | TCP | 80 | Medium |
| LLMNR | S-LLMNR | UDP | 5355 | Medium |
| NFS | S-NFS | TCP/UDP | 2049 | Medium |
| RDP | S-RDP | TCP/UDP | 3389 | Critical |
| MSFT RPC | S-RPC | TCP | 135 | Critical |
| SMB | S-SMB | TCP/UDP | 445 | Critical |
| SSH | S-SSH | TCP/UDP | 22 | Medium |
| WinRM | S-WINRM | TCP | 5985 | Critical |
| WinRM Secure | S-WINRM-SECURE | TCP | 5986 | Critical |
| FTP Data | S-FTP-DATA | TCP | 20 | Medium |
| FTP Control | S-FTP-CONTROL | TCP | 21 | Medium |
| METASPLOIT | S-METASPLOIT | TCP/UDP | 4444 | Low |
| Multicast DNS | S-MDNS | UDP | 5353 | Medium |
| NetBIOS | S-NETBIOS | UDP, TCP | 137, 138 (UDP); 137, 139 (TCP) | High |
| POP3 | S-POPV3 | TCP | 110 | Low |
| PPTP | S-PPTP | TCP/UDP | 1723 | Low |
| SSDP | S-SSDP | UDP | 1900 | Medium |
| SunRPC | S-SUNRPC | TCP/UDP | 111 | Low |
| TeamViewer | S-TEAMVIEWER | TCP/UDP | 5938 | High |
| Telnet | S-TELNET | TCP/UDP | 23 | Medium |
| VNC | S-VNC | TCP/UDP | 5900 | High |
| WSD | S-WSD | TCP/UDP | 3702 | Medium |