Is port 5985 (WinRM HTTP) dangerous?

Port 5985 is classified as critical risk and should not be exposed to the public internet. It transmits data without encryption, making it vulnerable to eavesdropping and credential theft.

Should port 5985 be open on my firewall?

No, port 5985 should not be open to the public internet. Block it at the firewall and use encrypted alternatives such as SSH, SFTP, or HTTPS instead.

What transport protocol does port 5985 use?

Port 5985 (WinRM HTTP) uses the TCP transport protocol and falls under the Remote Access category.

:5985 (TCP)

WinRM HTTP

Critical Risiko

TCP — Remote Access

Ikhtisar Port

Nomor Port 5985

Nama Layanan WinRM HTTP

Protokol Transport TCP

Kategori Remote Access

Risiko Keamanan Critical

Rentang Port Terdaftar (1024-49151)

Apa itu Port 5985?

Port 5985 is used by Windows Remote Management (WinRM) for HTTP-based remote PowerShell and management connections. WinRM implements the WS-Management protocol for remote Windows administration and is used by tools like Ansible and PowerShell remoting. Exposure of this port allows remote command execution on Windows systems.

TCP Remote Access Umum Digunakan

Pertimbangan Keamanan

Port 5985 (WinRM HTTP) diklasifikasikan sebagai risiko kritis. Port ini tidak boleh diekspos ke internet publik. Layanan ini mentransmisikan data tanpa enkripsi, sehingga rentan terhadap penyadapan, pencurian kredensial, dan serangan man-in-the-middle.

Rekomendasi: Blokir port ini di firewall. Gunakan alternatif terenkripsi (SSH, SFTP, HTTPS) sebagai gantinya.

Port Terkait — Remote Access

22 SSH 23 Telnet 57 Private Terminal Access 89 SU/MIT Telnet Gateway 95 SUPDUP 107 Remote Telnet 177 XDMCP 219 Uarps

Istilah Terkait

SSL/TLS Certificate DDoS DNS Spoofing Encryption Firewall HTTPS