Blocked ports and Internet resources

To secure the Servercore infrastructure from malicious network activity, we restrict access to certain TCP/UDP ports. Incoming and outgoing traffic is blocked when it passes the border routers at the edge of the Servercore Internet network.

For TCP ports 25, 465, 587 only outgoing traffic to public IPv4 and IPv6 addresses is blocked. We recommend using Servercore mail service instead of these ports.

For a complete list of blocked ports, see the Blocked Ports List table. If a port is unavailable but not listed in the table, check its availability from the operating system side using the nmap utility.

List of blocked ports

Port and application protocol	Port assignment	Transport Protocol	Reason for blocking	You can submit an unlock request
17 QOTD	Transmitting a short text message when a client connects to the server	TCP/UDP	low security; risk of amplification attacks	✗
25 SMTP	Sending emails between servers in unencrypted form	TCP	spam prevention; risk of unencrypted traffic being intercepted	✓
111 ONC RPC (SunRPC)	Mapping RPC services (nfs, mountd, etc.) to port numbers on the server	TCP/UDP	risk of detecting all RPC services; risk of unauthorized access to files	✗
135 Microsoft EPMAP	Mapping RPC calls to specific services and ports on the remote system	TCP/UDP	risk of unauthorized access to the system; risk of interception and manipulation of RPC calls (MITM); risk of enumeration of service and method names (enumeration)	✓
137 NetBIOS Name Service	NetBIOS computer name resolution on a local network	TCP/UDP	The risk of being used for network reconnaissance; risk of unauthorized access to resources; spoofing of device names on the network (spoofing); risk of DoS attacks through broadcast traffic congestion	✓
138 NetBIOS Datagram Service	Transmit small messages between devices on the network without establishing a connection	TCP/UDP	The risk of attacks through insecure data transmission; risk of DoS attacks through broadcast traffic congestion; risk of collecting information about hosts, users and shared resources	✓
139 NetBIOS Session Service	Sharing files, printers, and ports on Windows networks via NetBIOS	TCP/UDP	risk of attacks on SMB and NetBIOS vulnerabilities; the risk of network scanning and information gathering	✓
389 LDAP	Connecting to LDAP directory for authentication and data retrieval	TCP/UDP	the risk of password mining; risk of unauthorized access to directory data	✗
427 SLP	Discovery of network services and devices on the local network	TCP/UDP	the risk of amplification-attacks; risk of disclosing the structure of the intranet	✗
445 SMB	File sharing on Windows networks over TCP/IP without NetBIOS	TCP/UDP	risk of attacks on SMB vulnerabilities; the risk of password mining; malware risk	✓
465 SMTPS	Secure mail sending (SMTPS) using SSL/TLS encryption	TCP	The risk of encryption downgrade attacks; Risk of hiding malicious traffic from analysis	✓
520 RIP	Routing information exchange in small networks using RIP protocol	UDP	risk of redirecting traffic to intercept data (route spoofing); The risk of traffic being redirected to a malicious host (MITM); risk of DoS attacks through false updates	✗
587 SMTP	Secure sending of e-mails via SMTP using STARTTLS	TCP	risk of spamming and phishing with weak security; the risk of password mining; Risk of data leakage if encryption is disabled or weak	✓
1900 SSDP	Discovery of devices and services on the local network (printers, TVs, routers)	UDP	The risk of DoS attacks through request overload; risk of automatic opening of ports on the router	✗
3702 WS-Discovery	Dynamic discovery of web services on the local network	UDP	the risk of amplification-attacks; risk of unauthorized access to devices	✗
11211 Memcached	Memcached cache server access to accelerate web applications	TCP/UDP	the risk of amplification-attacks; risk of data leakage in the absence of authentication	✗

Submit an unlock request

You can submit an unlock request:

postal ports 25, 465, 587;
ports 135, 137, 138, 138, 139, 445.

We consider each request individually, but we cannot guarantee unlocking and reserve the right to refuse without explanation.

After unlocking the port may be blocked again, for example, if spam is sent or your IP address is included in a spam list. For more information, see Network Blocking.

Ports 25, 465, 587

If we approve your request, ports 25, 465, and 587 will be unblocked for all public addresses in the account except:

IP addresses of dedicated servers in pools TAS-1, TAS-2, ALM-1, NBO-1;
IP addresses of cloud servers in pools uz-1, uz-2, kz-1, ke-1.

Create a ticket. In the ticket specify:
- Types of emails - e.g. transactional, work correspondence, mailings, etc;
- sample letters;
- planned headings (email topics);
- the domain from which the emails will be sent;
- expected sending volume - the number of emails per week.
Wait in the ticket for a Servercore employee to respond with a decision.

Ports 135, 137, 138, 139, 445.

Dedicated servers
Cloud servers

You cannot unblock a port for public shared IP addresses of a dedicated server. You can see if a public IP address is shared in the Control Panel: from the top menu, click Products → Dedicated Servers → Server page → Network tab . IP addresses that are in the /32 subnet are shared.

You can submit a port unblocking request for public dedicated subnets of a dedicated server.

Create a ticket. In the ticket specify:
- the port to be unblocked;
- the purpose of using the port;
- public dedicated subnet of the dedicated server for which you want to unblock the port. The list of public dedicated subnets can be viewed in the control panel: in the top menu, click Products → Dedicated Servers → Network → Public Subnets tab → select the Dedicated subnet type.
Wait in the ticket for a Servercore employee to respond with a decision.