Blocked ports and internet resources

To secure Servercore infrastructure from malicious network activity, we limit access to certain TCP/UDP ports. Incoming and outgoing traffic is blocked as it passes through the border routers at the edge of the Servercore network.

For TCP ports 25, 465, and 587, only outgoing traffic to public IPv4 and IPv6 addresses is blocked. Instead of these ports, we recommend using the Servercore email service.

A full list of blocked ports is provided in the table List of blocked ports. If a port is unavailable but is not listed in the table, check its availability from the operating system side using the nmap.

List of blocked ports

Port and application protocol	Port purpose	Transport protocol	Reason for blocking	Requesting unblocking is possible
17 QOTD	Transmission of a short text message when a client connects to a server	TCP/UDP	low security level; risk of amplification attacks	✗
25 SMTP	Sending emails between servers in plaintext	TCP	spam prevention; risk of interception of unencrypted traffic	✓
111 ONC RPC (SunRPC)	Mapping RPC services (nfs, mountd, etc.) to port numbers on the server	TCP/UDP	risk of discovering all RPC services; risk of unauthorized file access	✗
135 Microsoft EPMAP	Mapping RPC calls to specific services and ports on a remote system	TCP/UDP	risk of unauthorized system access; risk of interception and manipulation of RPC calls (MITM); risk of service or method enumeration	✓
137 NetBIOS Name Service	Resolving computer names in a local network using the NetBIOS protocol	TCP/UDP	risk of network reconnaissance; risk of unauthorized access to resources; device name spoofing in the network; risk of DoS attacks through broadcast traffic overload	✓
138 NetBIOS Datagram Service	Transferring small messages between devices in a network without establishing a connection	TCP/UDP	risk of attacks via unencrypted data transmission; risk of DoS attacks through broadcast traffic overload; risk of gathering information about hosts, users, and shared resources	✓
139 NetBIOS Session Service	Shared access to files, printers, and ports in Windows networks via NetBIOS	TCP/UDP	risk of attacks on SMB and NetBIOS vulnerabilities; risk of network scanning and information gathering	✓
389 LDAP	Connecting to an LDAP directory for authentication and data search	TCP/UDP	risk of password brute-forcing; risk of unauthorized access to directory data	✗
427 SLP	Discovering network services and devices in a local network	TCP/UDP	risk of amplification attacks; risk of internal network structure exposure	✗
445 SMB	File sharing in Windows networks via TCP/IP without NetBIOS	TCP/UDP	risk of attacks on SMB vulnerabilities; risk of password brute-forcing; risk of malware propagation	✓
465 SMTPS	Secure email sending (SMTPS) using SSL/TLS encryption	TCP	risk of downgrade attacks; risk of hiding malicious traffic from analysis	✓
520 RIP	Exchanging routing information in small networks using the RIP protocol	UDP	risk of traffic redirection for data interception (route spoofing); risk of traffic redirection to a malicious node (MITM); risk of DoS attacks via malicious updates	✗
587 SMTP	Secure email sending via SMTP using STARTTLS	TCP	risk of spam and phishing due to weak security; risk of password brute-forcing; risk of data leakage when encryption is disabled or weak	✓
1900 SSDP	Device and service discovery in a local network (printers, TVs, routers)	UDP	risk of DoS attacks through request overload; risk of automatic port opening on a router	✗
3702 WS-Discovery	Dynamic web service discovery in a local network	UDP	risk of amplification attacks; risk of unauthorized access to devices	✗
11211 Memcached	Access to Memcached cache server for accelerating web applications	TCP/UDP	risk of amplification attacks; risk of data leakage in the absence of authentication	✗

Submit a request for unblocking

You can submit a request for unblocking:

• mail ports 25, 465, 587;

• ports 135, 137, 138, 139, 445.

Each request is reviewed individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without explanation.

After unblocking, a port may be blocked again, for example, if you send spam or your IP address is blacklisted. For more information, see the Network Blocks guide.

Ports 25, 465, 587

We review each unblocking request individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without providing a reason.

If we approve your request, ports 25, 465, and 587 will be opened for all public addresses in the account, excluding:

• IP addresses of dedicated servers in pools TAS-1, TAS-2, ALM-1, NBO-1; ;
• IP addresses of cloud servers in pools uz-1, uz-2, kz-1, ke-1.

1. Create a ticket. In the ticket, specify:

   • types of emails—for example, transactional, business correspondence, newsletters, etc.;
   • examples of emails;
   • planned subjects (email topics);
   • the domain from which emails will be sent;
   • expected sending volume—number of emails per week.

2. Wait for a response from a Servercore employee regarding the decision in the ticket.

Ports 135, 137, 138, 139, 445

We review each unblocking request individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without providing a reason.

Dedicated Servers

You cannot unblock a port for public shared IP addresses of a dedicated server. You can check whether a public IP address is shared in the control panel: in the top menu, click Products → Dedicated Servers → server page → tab Network. IP addresses that are in the /32 subnet are shared.

You can submit a request to unblock a port for public dedicated subnets of a dedicated server.

1. Create a ticket. In the ticket, specify:

   • the port to be unblocked;
   • the purpose of using the port;
   • the public dedicated subnet of the dedicated server for which you need to unblock the port. A list of public dedicated subnets can be viewed in the Control panel: in the top menu, click Products → Dedicated Servers → Network → tab Public subnets → select the subnet type Dedicated.

2. Wait for a response from a Servercore employee regarding the decision in the ticket.

Cloud Servers

You cannot unblock a port for public shared IP addresses of a cloud server. You can check whether a public IP address is shared in the control panel: in the top menu, click Products → Cloud Servers → section Network → tab Public IP addresses.

You can submit a request to unblock a port for public subnets of a cloud server.

1. Create a ticket. In the ticket, specify:

   • the port to be unblocked;
   • the purpose of using the port;
   • a public subnet of a cloud server for which you need to unblock a port. You can view the list of public subnets in the control panel: in the top menu, click Products → Cloud Servers → Network → tab Public subnets.

2. Wait for a response from a Servercore employee regarding the decision in the ticket.