Skip to main content

Blocked ports and internet resources

Last update:

In the Selectel infrastructure, a number of TCP/UDP ports are blocked; details and a list of such ports can be found in the Blocked Ports subsection.

Also, access to public subnets of the e-government is blocked from the Selectel infrastructure. For example, the Gosuslugi portal and related services are located in such a subnet.

A full list of internet resources related to the e-government can be found in the What is e-government guide in the Gosuslugi portal documentation.

You can submit a request for unblocking. Each request is reviewed individually, but we cannot guarantee that access will be unblocked.

Blocked ports

To protect Selectel infrastructure from malicious network activity, we restrict access to certain TCP/UDP ports. Both incoming and outgoing traffic is blocked as it passes through the border routers (at the edge of the Selectel internet network).

For TCP ports 25, 465, 587, only outgoing traffic to public IPv4 and IPv6 addresses is blocked. Instead of these ports, we recommend using the Selectel email service.

A full list of blocked ports is provided in the List of blocked ports table. If a port is unavailable but not listed in the table, check its accessibility from the operating system using the nmap.

List of blocked ports

Port and application protocolPort purposeTransport protocolReason for blockingRequesting unblocking is possible

17 QOTD

Transmission of a short text message when a client connects to a serverTCP/UDP
  • low security level;
  • risk of amplification attacks

25 SMTP

Sending emails between servers in plaintextTCP
  • spam prevention;
  • risk of interception of unencrypted traffic

111 ONC RPC (SunRPC)

Mapping RPC services (nfs, mountd, etc.) to port numbers on the serverTCP/UDP
  • risk of discovering all RPC services;
  • risk of unauthorized file access

135 Microsoft EPMAP

Mapping RPC calls to specific services and ports on a remote systemTCP/UDP
  • risk of unauthorized system access;
  • risk of interception and manipulation of RPC calls (MITM);
  • risk of service or method enumeration

137 NetBIOS Name Service

Resolving computer names in a local network using the NetBIOS protocolTCP/UDP
  • risk of network reconnaissance;
  • risk of unauthorized access to resources;
  • device name spoofing in the network;
  • risk of DoS attacks through broadcast traffic overload

138 NetBIOS Datagram Service

Transferring small messages between devices in a network without establishing a connectionTCP/UDP
  • risk of attacks via unencrypted data transmission;
  • risk of DoS attacks through broadcast traffic overload;
  • risk of gathering information about hosts, users, and shared resources

139 NetBIOS Session Service

Shared access to files, printers, and ports in Windows networks via NetBIOSTCP/UDP
  • risk of attacks on SMB and NetBIOS vulnerabilities;
  • risk of network scanning and information gathering

389 LDAP

Connecting to an LDAP directory for authentication and data searchTCP/UDP
  • risk of password brute-forcing;
  • risk of unauthorized access to directory data

427 SLP

Discovering network services and devices in a local networkTCP/UDP
  • risk of amplification attacks;
  • risk of internal network structure exposure

445 SMB

File sharing in Windows networks via TCP/IP without NetBIOSTCP/UDP
  • risk of attacks on SMB vulnerabilities;
  • risk of password brute-forcing;
  • risk of malware propagation

465 SMTPS

Secure email sending (SMTPS) using SSL/TLS encryptionTCP
  • risk of downgrade attacks;
  • risk of hiding malicious traffic from analysis

520 RIP

Exchanging routing information in small networks using the RIP protocolUDP
  • risk of traffic redirection for data interception (route spoofing);
  • risk of traffic redirection to a malicious node (MITM);
  • risk of DoS attacks via malicious updates

587 SMTP

Secure email sending via SMTP using STARTTLSTCP
  • risk of spam and phishing due to weak security;
  • risk of password brute-forcing;
  • risk of data leakage when encryption is disabled or weak

1900 SSDP

Device and service discovery in a local network (printers, TVs, routers)UDP
  • risk of DoS attacks through request overload;
  • risk of automatic port opening on a router

3702 WS-Discovery

Dynamic web service discovery in a local networkUDP
  • risk of amplification attacks;
  • risk of unauthorized access to devices

11211 Memcached

Access to Memcached cache server for accelerating web applicationsTCP/UDP
  • risk of amplification attacks;
  • risk of data leakage in the absence of authentication

Submit a request for unblocking

You can submit a request for unblocking:

Each request is reviewed individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without explanation.

After unblocking, a port or subnet access may be blocked again, for example, if you send spam or your IP address is blacklisted. For more information, see the Network Blocks guide.

Access to e-government subnets

We review each unblocking request individually, but we cannot guarantee that access will be unblocked and reserve the right to refuse without providing a reason.

  1. Create a ticket. In the ticket, specify:

    • purpose of access;

    • IP addresses or subnets from which the traffic will originate.

  2. Wait for a response from a Selectel employee regarding the decision in the ticket.

Ports 25, 465, 587

We review every unblocking request individually but cannot guarantee that your request will be approved; we also reserve the right to decline without providing a reason.

If we approve your request, ports 25, 465, and 587 will be unblocked for all public addresses in the account, except for:

  • dedicated server IP addresses in pools TAS-1, TAS-2, ALM-1, NBO-1;
  • IP addresses of the cloud platform in pools uz-1, uz-2, kz-1, ke-1, as well as public floating IP addresses in all pools.

To submit a request:

  1. Create a ticket. In the ticket, specify:

    • types of emails, for example, transactional, business correspondence, newsletters, etc.;
    • email examples;
    • planned subjects (email topics);
    • domain from which emails will be sent;
    • expected sending volume — the number of emails per week.
  2. Wait for a response from a Selectel employee in the ticket regarding the decision.

Ports 135, 137, 138, 139, 445

We review every unblocking request individually but cannot guarantee that your request will be approved; we also reserve the right to decline without providing a reason.

You can submit a request to unblock a port only for a public dedicated subnet of a dedicated server.

  1. Ensure that the server IP address belongs to a public dedicated subnet. In the Control panel, click ProductsDedicated ServersNetwork → the Public subnets tab → select the Dedicated subnet type → view the list of networks. If the IP address does not belong to a public dedicated subnet, the port cannot be unblocked for it.

  2. Create a ticket. In the ticket, specify:

    • the port to be unblocked;
    • the purpose of using the port;
    • public dedicated subnet of the dedicated server for which you need to unblock the port. The list of public dedicated subnets can be viewed in the Control Panel: in the top menu, click ProductsDedicated ServersNetwork → the Public subnets tab → select the Dedicated subnet type.
  3. Wait for a response from a Selectel employee regarding the decision in the ticket.