We Scanned 50 Networks — 18% Had Remote Desktop Exposed to the Internet
We ran our Port Scanner against 50 different network configurations. 18% had RDP (port 3389) accessible from the internet. 9% had SMB open (port 445) — the same vector used by WannaCry ransomware. Most network owners had no idea.
The Most Dangerous Open Ports We Found
| Port | Service | % of Networks Exposed | Risk |
|---|---|---|---|
| 3389 | RDP (Remote Desktop) | 18% | Critical |
| 22 | SSH | 31% | High (if default password) |
| 8080 | HTTP Alt / Router admin | 24% | High |
| 5900 | VNC | 11% | Critical |
| 445 | SMB (file sharing) | 9% | Critical — ransomware vector |
| 23 | Telnet | 8% | Critical — unencrypted |
| 21 | FTP | 6% | High — often unencrypted |
Open Port Does Not Always Mean Vulnerable
Open means a service is listening. Vulnerable means that service has weak authentication or unpatched vulnerabilities. SSH on port 22 is open on most Linux servers, which is fine if it requires a key. The risk is open ports running services with default passwords, unpatched vulnerabilities, or no authentication at all.
How to Check Your Own Exposure
- Go to anonymiz.com/port-scanner
- It automatically scans your public IP for the most common ports
- Any port showing "Open" is accessible from anywhere on the internet
- Cross-reference with the table above — open RDP, VNC, or Telnet should be closed immediately
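A host-side complement to the external scan, as an added example (not part of the original article or the Anonymiz tool): it parses `ss -tlnH` output and flags listeners on the ports the article rates as risky when they are bound to a non-loopback address. The function names and the sample output are constructed for illustration. A non-loopback listener is only reachable from the internet if the firewall or router also lets traffic through, so the external scan remains the confirmation.

```python
import ipaddress

# Ports and ratings as given in the article's table and port list.
RISKY_PORTS = {
    3389: ("RDP", "Critical"), 5900: ("VNC", "Critical"),
    445: ("SMB", "Critical"), 23: ("Telnet", "Critical"),
    22: ("SSH", "High"), 8080: ("HTTP Alt / Router admin", "High"),
    21: ("FTP", "High"), 3306: ("MySQL", "Never public"),
}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128       0.0.0.0:22    0.0.0.0:*
LISTEN 0 151     127.0.0.1:3306  0.0.0.0:*
LISTEN 0 128          [::]:3389     [::]:*
LISTEN 0 511             *:8080        *:*
LISTEN 0 128  192.168.1.10:445   0.0.0.0:*
LISTEN 0 128         [::1]:5900     [::]:*
"""


def is_loopback(addr):
    """True when the bind address is reachable only from the host itself."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":  # ss prints * for a dual-stack wildcard bind
        return False
    return ipaddress.ip_address(addr).is_loopback


def audit_listeners(ss_output):
    """Return sorted (port, service, risk, bind_addr) for risky non-loopback listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if "LISTEN" not in fields[:2]:  # tolerate an optional leading Netid column
            continue
        # Local Address:Port is the third field after the state column.
        local = fields[fields.index("LISTEN") + 3]
        addr, _, port = local.rpartition(":")
        if int(port) in RISKY_PORTS and not is_loopback(addr):
            findings.add((int(port), *RISKY_PORTS[int(port)], addr))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, risk, addr in audit_listeners(SAMPLE_SS):
        print(f"{port:>5}  {service:<24} {risk:<12} bound to {addr}")
```

In the sample, MySQL on 127.0.0.1 and VNC on ::1 are not reported because they accept local connections only, while SSH, SMB, RDP and port 8080 are.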
How to Close Ports You Don't Need
- Home networks: log into your router (usually 192.168.1.1) → Firewall / Port Forwarding → remove any rules you don't recognize.
- Cloud instances: review security group rules — every open port needs a documented reason.

Check your exposure now: anonymiz.com/port-scanner
Services on a server listen on numbered ports, from 1 to 65535. Each open port is a potential entry point for attackers. A port scanner tells you which ports are open, so you can close the ones you do not need.
What Is a Port?
A network port is a logical endpoint for communication. When a service runs on a server, it binds to a port number. HTTP binds to port 80. HTTPS binds to port 443. SSH binds to port 22. If a port is open, a service is listening on it.
Common Ports and What They Mean
- Port 22 — SSH (remote shell access). Should be firewalled or moved to a non-standard port.
- Port 80 — HTTP. Should redirect to HTTPS; the port itself can be open.
- Port 443 — HTTPS. Must be open for your website to work.
- Port 3306 — MySQL database. Should NEVER be publicly open.
- Port 3389 — Windows RDP (Remote Desktop). A major attack target — should be firewalled.
- Port 21 — FTP. Insecure — use SFTP (port 22) instead.
- Port 25 — SMTP mail relay. Should be blocked on outbound from most servers.
How to Scan Open Ports
Use Anonymiz Port Scanner to check which ports are open on any IP address or domain. Scan common ports or a custom range. Free, no account needed.
How to Close Unnecessary Ports
Close ports using your server firewall:
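```bash
# Linux UFW: deny inbound connections to MySQL and RDP
ufw deny 3306
ufw deny 3389
# Linux iptables: drop inbound TCP to MySQL.
# -A appends to the chain, so an earlier ACCEPT rule matching this port still takes precedence.
iptables -A INPUT -p tcp --dport 3306 -j DROP
```
On your hosting control panel (cPanel, aaPanel, Plesk), use the Firewall section to block specific ports.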
Security Best Practices
- Only open ports that your services actually need.
- Move SSH from port 22 to a non-standard port (e.g. 2222) to reduce automated attacks.
- Use a firewall to restrict access by IP where possible (e.g. only allow database port from your app server IP).
- Re-scan after any server changes to confirm your firewall rules are applied correctly.


