T1043 - Commonly Used Port

This technique has been deprecated. Please use Non-Standard Port where appropriate.

Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as

• TCP:80 (HTTP)
• TCP:443 (HTTPS)
• TCP:25 (SMTP)
• TCP/UDP:53 (DNS)

They may use the protocol associated with the port or a completely different protocol.

For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are

• TCP/UDP:135 (RPC)
• TCP/UDP:22 (SSH)
• TCP/UDP:3389 (RDP)