What Is Port 1720 Used For?
Some ports are more interesting than others. Some have a long history, some are dangerous, some are popular. During your research, you might come across the less-known port 1720. So, what is the use of port 1720?
Port 1720 is for connections related to voice over IP communications. Like so, it follows the H.323 teleconferencing protocols to establish these connections. It’s also becoming a cornerstone in making video meetings in a virtual world a reality.
What’s the story behind port 1720, and why is it dangerous? Here’s the full story with all the details!
Port 1720: A Background Story
You’re probably familiar with the Session Initiation Protocol or SIP for short.
It’s the communication protocol responsible for voice over IP devices. It uses TCP port numbers 5060 and port 5061.
This protocol regulates setting up calls, ringing other voice over IP devices, and terminating the signal when it’s over.
Not only that, but ISP includes other forms of communications, including instant messaging, video conferencing, and file transfer.
More applications use the SIP than you might think.
Furthermore, SIP isn’t the only voice over IP protocol to use. Other protocols include H.323 that uses TCP port 1720.
The International Telecommunication Union invented H.323 in 1996 to run video conferencing equipment such as videophones. The H.323 standard is an umbrella term that describes several sub-protocols that come from the telecommunications industry.
Because several protocols are running, your voice over IP program might be using other ports than 1720. At its heart, H.323 is a signaling protocol similar to Skinny and SIP.
It let you set up voice over IP calls, ringing other phones, and hanging up when you finish the call.
But H.323 is much older than those protocols, at least, when it comes to deployment. Long before voice over IP, there was video conferencing.
The Dangers Of Port 1720
Microsoft NetMeeting was a program that depended on ports 1720 and 389 to operate. These ports were wide open for cybercriminals to abuse.
Bad actors would stage Denial of Service (DoD) attacks for port 1729 and the H.323 protocol. Even though NetMeeting is now history, these cybercriminals still find new ways to exploit port 1720 vulnerabilities.
If you’re going to use similar programs to NetMeeting, or other programs that use H.323, be careful with opening port 1720. It’s a best practice to allow using port 1720 when it’s indispensable.
Furthermore, you may want to configure your NAT router or personal firewall to open port 1720 when needed for voice over IP.
Otherwise, you may need to keep it shut.
You may want to be extra careful with UDP port 1720. While voice over IP is still active to this day with more secure programs, they make your system open to attack.
The firewalls on every device connected to your network must be incredibly protocol-aware. It’s the only way to protect these devices from hackers.
Also, confirm that your NAT router and firewall can manage voice over IP connections before investing in them.
The NAT Slipstreaming Attacking Ports 5060 and 5061
A bad actor could sneak into your computer through the browser when ports 5060 and 5061 are open.
All it takes is clicking on one innocent-looking but malicious link.
The attacker would bypass the NAT and firewall defenses and cause a lot of mayhem to your device.
It’s a type of NAT Slipstreaming attack that cracks the SIP protocol to gain illegal access through 5060 and 5061 ports.
Most browsers (Chrome, Firefox, and Safari) caught up and made patches to mitigate the attack.
The NAT Slipstreaming 2.0 Attacking Port 1720
Security researchers, however, discovered a new version of the NAT Slipstreaming attack that exploit port 1720.
This new incarnation left SIP alone and moved to the H.323 multimedia protocol. The latest attack followed the same concept of finding loopholes to bypass NAT tables and firewall defenses.
The NAT Slipstreaming 2.0 is more dangerous. Why? Because it doesn’t only break into a user’s computer but also the connected devices in the LAN.
For example, if you have printers and cameras connected to the network, the attacker would gain access to them through the infected computers. The attackers can use the printer and view camera footage.
Port 1720 using the H.323 protocol isn’t the only vulnerable port. Other “weaker link” ports are 69, 137, 161, 1719, 1723, 6566, and 10080.
If you’re using the latest version of your browser, you probably won’t be able to make HTTP, HTTPS, or FTP connections through these ports.
Port 1720 Make Cloud-based Video Conferencing Possible
In a post-pandemic world, video conferencing is the norm. Organizations around the world are connecting through cloud-based video conferencing. And remote workers are using it to connect to businesses.
Software like Microsoft Teams, Google Hangouts, and Skype depends on H.323 and SIP for connectivity. Port 1720 is one of the ports that allow these connections.
Port 1720 is a crucial part of making network hardware interoperability work. If your device is SIP or H.323 compatible, you can connect to video conferencing seamlessly.
Third-party video conference gateways exist today to make this universal compatibility possible.
H.323 is also vendor-neutral. It doesn’t matter if you’re using Cisco, Lifesize, or Polycom systems. It doesn’t matter if you’re using a mobile device, laptop, or desktop computer. You can still connect.
Secure Your Network
Very soon, you’ll be able to connect with your boss in a virtual world in your hologram body.
It’ll be thanks to technologies such as H.323 and port 1720 by proxy.
It’s time to take a step back, and before you get too excited, think of ways to secure your connections.
Engineers work 24/7 hours to patch and secure this technology. On the other side, blackmailers are working to break the system.
All in all, you must find ways to secure your network to keep the bad guys out.
Follow a simple rule: when you’re not using it, turn it off.