Blocked ports and internet resources

To secure the Servercore infrastructure against malicious network activity, we restrict access to certain TCP/UDP ports. Incoming and outgoing traffic is blocked at the moment it passes through the borders (border routers) at the edge of the Servercore internet network.

For TCP ports 25, 465, 587, only outgoing traffic towards public IPv4 and IPv6 addresses is blocked. Instead of these ports, we recommend using the Servercore Email Service.

A full list of blocked ports is indicated in the List of blocked ports table. If a port is inaccessible but is not listed in the table, check its availability from the operating system using the nmap utility.

List of blocked ports

Port and application protocol	Port purpose	Transport protocol	Reason for blocking	Requesting unblocking is possible
17 QOTD	Transmission of a short text message when a client connects to a server	TCP/UDP	low security level; risk of amplification attacks	✗
25 SMTP	Sending emails between servers in plaintext	TCP	spam prevention; risk of interception of unencrypted traffic	✓
111 ONC RPC (SunRPC)	Mapping RPC services (nfs, mountd, etc.) to port numbers on the server	TCP/UDP	risk of discovering all RPC services; risk of unauthorized file access	✗
135 Microsoft EPMAP	Mapping RPC calls to specific services and ports on a remote system	TCP/UDP	risk of unauthorized system access; risk of interception and manipulation of RPC calls (MITM); risk of service or method enumeration	✓
137 NetBIOS Name Service	Resolving computer names in a local network using the NetBIOS protocol	TCP/UDP	risk of network reconnaissance; risk of unauthorized access to resources; device name spoofing in the network; risk of DoS attacks through broadcast traffic overload	✓
138 NetBIOS Datagram Service	Transferring small messages between devices in a network without establishing a connection	TCP/UDP	risk of attacks via unencrypted data transmission; risk of DoS attacks through broadcast traffic overload; risk of gathering information about hosts, users, and shared resources	✓
139 NetBIOS Session Service	Shared access to files, printers, and ports in Windows networks via NetBIOS	TCP/UDP	risk of attacks on SMB and NetBIOS vulnerabilities; risk of network scanning and information gathering	✓
389 LDAP	Connecting to an LDAP directory for authentication and data search	TCP/UDP	risk of password brute-forcing; risk of unauthorized access to directory data	✗
427 SLP	Discovering network services and devices in a local network	TCP/UDP	risk of amplification attacks; risk of internal network structure exposure	✗
445 SMB	File sharing in Windows networks via TCP/IP without NetBIOS	TCP/UDP	risk of attacks on SMB vulnerabilities; risk of password brute-forcing; risk of malware propagation	✓
465 SMTPS	Secure email sending (SMTPS) using SSL/TLS encryption	TCP	risk of downgrade attacks; risk of hiding malicious traffic from analysis	✓
520 RIP	Exchanging routing information in small networks using the RIP protocol	UDP	risk of traffic redirection for data interception (route spoofing); risk of traffic redirection to a malicious node (MITM); risk of DoS attacks via malicious updates	✗
587 SMTP	Secure email sending via SMTP using STARTTLS	TCP	risk of spam and phishing due to weak security; risk of password brute-forcing; risk of data leakage when encryption is disabled or weak	✓
1900 SSDP	Device and service discovery in a local network (printers, TVs, routers)	UDP	risk of DoS attacks through request overload; risk of automatic port opening on a router	✗
3702 WS-Discovery	Dynamic web service discovery in a local network	UDP	risk of amplification attacks; risk of unauthorized access to devices	✗
11211 Memcached	Access to Memcached cache server for accelerating web applications	TCP/UDP	risk of amplification attacks; risk of data leakage in the absence of authentication	✗

Submit a request for unblocking

You can submit a request for unblocking:

mail ports 25, 465, 587;
ports 135, 137, 138, 139, 445.

Each request is reviewed individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without explanation.

After unblocking, a port may be blocked again, for example, if you send spam or your IP address is blacklisted. For more information, see the Network Blocks guide.

Ports 25, 465, 587

If we approve your request, ports 25, 465, and 587 will be unblocked for all public addresses in the account, except for:

IP addresses of dedicated servers in pools TAS-1, TAS-2, ALM-1, NBO-1;
IP addresses of cloud servers in pools uz-1, uz-2, kz-1, ke-1.

Create a ticket. In the ticket, specify:
- the types of emails — for example, transactional, business correspondence, newsletters, etc.;
- examples of emails;
- planned subjects of emails;
- the domain from which emails will be sent;
- the expected sending volume — the number of emails per week.
Wait for a response from a Servercore employee in the ticket regarding the decision made.

Ports 135, 137, 138, 139, 445

Dedicated Servers
Cloud servers

A port cannot be unblocked for public shared IP addresses of a dedicated server. You can check if a public IP address is shared in the control panel: in the top menu, click Products → Dedicated Servers → server page → Network tab. IP addresses that are in the /32 subnet are shared.

You can submit a request for unblocking a port for public dedicated subnets of a dedicated server.

Create a ticket. In the ticket, specify:
- the port that needs to be unblocked;
- the purpose of using the port;
- a public dedicated subnet of a dedicated server for which the port needs to be unblocked. A list of public dedicated subnets can be viewed in the control panel: in the top menu, click Products → Dedicated Servers → Network → Public subnets tab → select the subnet type Dedicated.
Wait for a response from a Servercore employee in the ticket regarding the decision made.