Help Center/ Virtual Private Cloud/ FAQs/ Security/ Why Are Some Ports of ECSs Inaccessible?
Updated on 2024-03-30 GMT+08:00

Why Are Some Ports of ECSs Inaccessible?

When adding a security group rule, you must specify a port or port range for communications. Traffic is then allowed or denied if traffic matches this rule.

Table 1 lists some high-risk ports that are blocked by default. Even if you have added a security group rule to allow access over these ports, traffic over these ports in restricted regions is still denied. In this case, do not use these high-risk ports for your services.
Table 1 High-risk ports

Protocol

Port

TCP

42, 135, 137, 138, 139, 444, 445, 593, 1025, 1068, 1433, 1434, 3127, 3128, 3129, 3130, 4444, 4789, 5554, 5800, 5900, 8998, 9995, and 9996

UDP

135~139 1026 1027 1028 1068 1433 1434 4789 5554 9995 9996