# Port scanning monitoring

Open ports you didn't know about are how breaches happen. Redis exposed without authentication. MongoDB accessible from the internet. A forgotten SSH port on a development server.

You tell us which ports should be open, and we scan all 65,535 TCP ports on your server every 12 hours. When an expected port goes down, you'll know. When an unexpected port appears, you'll know that too.


## The nightmare scenarios we prevent

Exposed services, breached data, compliance failures

Team A exposes Redis or MongoDB without authentication - Team B assumed it was internal only. By the time anyone notices, attackers have already extracted your data. These services have no authentication by default, and a single misconfigured firewall rule exposes everything.

Forgotten SSH access on temporary servers left running for months. That "quick test server" from six months ago is still accessible, with weak credentials, running outdated software. It's an open door into your infrastructure.

Database ports open after firewall misconfiguration or cloud migration. A single change to your security groups accidentally exposes MySQL, PostgreSQL, or Redis to the entire internet. Without monitoring, you won't know until it's too late.

You define which ports should be open, and we scan all 65,535 ports every hour. If an expected port goes down, you're alerted. If a port that's not on your list shows up open, you're alerted too. To avoid false alarms from network glitches, we confirm the issue with a second scan before notifying you.

Common exposed services:

- Redis (6379) - No auth by default
- MongoDB (27017) - Often misconfigured
- MySQL (3306) - Database exposed
- RDP (3389) - Remote desktop access

## Stop finding out from attackers

Continuous monitoring beats occasional audits

Manual port scans require remembering to run them. Most teams only think about port security during quarterly reviews, penetration tests, or after an incident. By then, exposed services may have been accessible for weeks or months.

Annual penetration tests miss changes in between. Infrastructure changes constantly - new servers, updated firewall rules, cloud migrations. A yearly pentest catches vulnerabilities at a single point in time, not the 364 other days.

We check every hour from multiple locations. Issues caught in hours, not months. No infrastructure to maintain, no commands to remember, no schedules to manage. Just continuous visibility into your attack surface.

When an unexpected port opens or an expected service goes down, you'll know within hours, not when a security researcher or attacker tells you.

## Define your security baseline

Tell us what's expected, we'll alert on deviations

Specify which ports should be open. For a web server, that's typically port 80 (HTTP) and 443 (HTTPS). For an email server, add 25, 587, and 993. That's all you need to configure.

You don't need to list ports that should be closed. We scan all 65,535 ports, so any open port not on your list is flagged automatically. If Redis (6379), MySQL (3306), or MongoDB (27017) suddenly become reachable, you'll know without having to anticipate it.

Smart defaults for common scenarios. We know which ports are security-sensitive and suggest them for monitoring. Start with our recommendations, then customize based on your specific infrastructure needs.

Per-server configuration. A web server has different requirements than a database server or a jump box. Configure each server's expected state independently.

## Choose how we let you know

when a port state changes unexpectedly

Receive our notifications on your preferred platform: email, SMS, Slack, Discord, Opsgenie, Microsoft Teams, Pushover, ntfy, webhooks, and more. We can notify you wherever your team is active.

Take notifications to the next level: only notify who needs notifying by assigning responsibilities to different team members.

## Compliance made continuous

Meet PCI-DSS, SOC 2, ISO 27001 requirements

**PCI-DSS Requirement 11.3.2** requires regular external vulnerability scans. Port scanning is a fundamental part of vulnerability assessment. Continuous monitoring exceeds the quarterly minimum requirement.

**SOC 2** requires continuous security monitoring and evidence of vulnerability management. Automated port scanning with alerting provides audit trail evidence that your organization actively monitors for security gaps.

**ISO 27001** requires organizations to implement vulnerability management processes. Port monitoring demonstrates proactive identification of potential security weaknesses.

Audit-ready evidence. Our monitoring logs and alerts provide documentation for compliance audits, showing consistent security monitoring across your infrastructure.

## Who needs port scanning?

Anyone running servers they can't afford to expose

**DevOps teams managing cloud infrastructure** where security groups, firewall rules, and network configurations change frequently. One misconfiguration can expose entire clusters.

**Security teams maintaining compliance** who need continuous evidence of vulnerability monitoring for audits and certifications.

**Agencies managing client servers** who are responsible for client infrastructure security. Your reputation depends on keeping client systems secure.

**Companies after security incidents** who need to ensure vulnerabilities don't reappear. After a breach, continuous monitoring catches regression.

**Anyone with databases, cache servers, or remote access** that should never be accessible from the public internet. One exposed Redis instance can compromise everything.

## Stop worrying, start monitoring

Start a no-strings-attached 10-day free trial. You're all set in less than a minute.
(No credit card needed.)

Not convinced yet? Need help?
Get in touch via <support@ohdear.app>.

## How it works

Lightweight, continuous, from known IP addresses

### 1. Lightweight TCP connection checks

We scan all 65,535 TCP ports on your server. No service fingerprinting, just clean, fast detection of which ports accept connections and which don't.

### 2. Hourly checks from known IP addresses

Our scanning IPs are published at [/used-ips](/used-ips). You can identify our requests in logs and firewall rules. No need to whitelist us - we check what the public internet can see.

### 3. Two-failure threshold prevents false alarms

Network glitches happen. We only alert after two consecutive failures, reducing noise while still catching real issues quickly.

### 4. IPv4 and IPv6, domains and IP addresses

Monitor your infrastructure however you address it. We support both IP versions and can resolve domains to check all associated addresses.
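The baseline comparison and two-failure threshold described above can be sketched as follows. This is an added example, not Oh Dear's code: the class and function names are hypothetical, the scan results are constructed, and it assumes "two consecutive failures" means the same deviation appearing in two scans in a row.

```python
from dataclasses import dataclass, field


@dataclass
class PortBaselineMonitor:
    """Hypothetical helper: compares scan results against an expected-port baseline."""
    expected: frozenset                 # ports that should accept connections
    confirm_after: int = 2              # consecutive scans needed before alerting
    _streak: dict = field(default_factory=dict)   # (kind, port) -> consecutive count
    _alerted: set = field(default_factory=set)    # deviations already reported

    def ingest(self, open_ports):
        """Feed one scan result (iterable of open ports); return newly confirmed alerts."""
        open_ports = set(open_ports)
        deviations = {("unexpected_open", p) for p in open_ports - self.expected}
        deviations |= {("expected_closed", p) for p in self.expected - open_ports}
        # A deviation missing from this scan was a glitch or has been fixed: reset it.
        for key in list(self._streak):
            if key not in deviations:
                del self._streak[key]
                self._alerted.discard(key)
        alerts = []
        for key in sorted(deviations):
            self._streak[key] = self._streak.get(key, 0) + 1
            if self._streak[key] >= self.confirm_after and key not in self._alerted:
                self._alerted.add(key)
                alerts.append(key)
        return alerts


def replay(expected, scans):
    """Run a sequence of scan results through a fresh monitor; one alert list per scan."""
    monitor = PortBaselineMonitor(frozenset(expected))
    return [monitor.ingest(scan) for scan in scans]


# Constructed scan results for a web server whose baseline is 22, 80 and 443.
SAMPLE_SCANS = [
    {22, 80, 443},          # matches the baseline
    {22, 80},               # 443 missing once: possible glitch, no alert yet
    {22, 80, 443, 6379},    # 443 is back; Redis port seen for the first time
    {22, 80, 443, 6379},    # Redis port seen twice in a row: alert
    {22, 80, 443, 6379},    # still open: already reported, stay quiet
    {22, 80, 443},          # closed again: state resets
]

if __name__ == "__main__":
    for number, alerts in enumerate(replay({22, 80, 443}, SAMPLE_SCANS), 1):
        print(f"scan {number}: {alerts or 'ok'}")
```

Only the baseline is configured; every port outside it is treated as a deviation, which is why the Redis port is flagged without having been listed anywhere.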


## Frequently asked questions

### How do I audit which ports are open on my server?

Oh Dear regularly scans your server and reports every open port, then alerts you when a new port opens or an expected one closes. An unplanned open port is often the first sign of a misconfiguration or a compromise.

### What does it mean if a new open port is detected?

It means something on your server started accepting connections from the internet that wasn't before. Sometimes that's you, a new service or a deploy, but it can also be the first visible sign of trouble: a misconfiguration that exposed a database, a service that was meant to stay internal, or a backdoor left behind by an attacker. Either way, an unexpected open port is worth investigating right away.

### Which ports should be open on my server?

As few as possible. A typical web server needs 80 and 443 for HTTP and HTTPS, plus SSH for management. Databases, caches, and admin panels should almost never face the internet directly. Oh Dear shows you exactly what's exposed, so you can close anything that has no business being there.

### Will Oh Dear alert me when my open ports change?

Yes. We scan on a schedule and alert you the moment a new port opens or a port you expected to be open disappears. You tell us which ports are supposed to be open, and we let you know whenever reality drifts from that.


