MITRE ATT&CK Technique
Description
**This technique has been deprecated. Please use [Non-Standard Port](https://attack.mitre.org/techniques/T1571) where appropriate.** Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection. They may use commonly open ports such as * TCP:80 (HTTP) * TCP:443 (HTTPS) * TCP:25 (SMTP) * TCP/UDP:53 (DNS) They may use the protocol associated with the port or a completely different protocol. For connections that occur internally within an enclave (such as those between a proxy or pivot node and other nodes), examples of common ports are * TCP/UDP:135 (RPC) * TCP/UDP:22 (SSH) * TCP/UDP:3389 (RDP)
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2017-05-31T21:30:42.657Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '**This technique has been deprecated. Please use '
'[Non-Standard '
'Port](https://attack.mitre.org/techniques/T1571) where '
'appropriate.**\n'
'\n'
'Adversaries may communicate over a commonly used port to '
'bypass firewalls or network detection systems and to blend '
'with normal network activity to avoid more detailed '
'inspection. They may use commonly open ports such as\n'
'\n'
'* TCP:80 (HTTP)\n'
'* TCP:443 (HTTPS)\n'
'* TCP:25 (SMTP)\n'
'* TCP/UDP:53 (DNS)\n'
'\n'
'They may use the protocol associated with the port or a '
'completely different protocol. \n'
'\n'
'For connections that occur internally within an enclave (such '
'as those between a proxy or pivot node and other nodes), '
'examples of common ports are \n'
'\n'
'* TCP/UDP:135 (RPC)\n'
'* TCP/UDP:22 (SSH)\n'
'* TCP/UDP:3389 (RDP)',
'external_references': [{'external_id': 'T1043',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1043'},
{'description': 'Gardiner, J., Cova, M., Nagaraja, '
'S. (2014, February). Command & '
'Control Understanding, Denying and '
'Detecting. Retrieved April 20, 2016.',
'source_name': 'University of Birmingham C2',
'url': 'https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf'}],
'id': 'attack-pattern--f879d51c-5476-431c-aedf-f14d207e4d1e',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'command-and-control'}],
'modified': '2025-10-24T17:49:38.270Z',
'name': 'Commonly Used Port',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': True,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': False,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Linux', 'macOS', 'Windows'],
'x_mitre_version': '1.1'}