:5985 (TCP)

WinRM HTTP

Critical 风险

TCP — Remote Access

端口概览

端口号 5985
服务名称 WinRM HTTP
传输协议 TCP
类别 Remote Access
安全风险 Critical
端口范围 已注册 (1024-49151)

什么是端口 5985?

Port 5985 is used by Windows Remote Management (WinRM) for HTTP-based remote PowerShell and management connections. WinRM implements the WS-Management protocol for remote Windows administration and is used by tools like Ansible and PowerShell remoting. Exposure of this port allows remote command execution on Windows systems.

TCP Remote Access 常用

安全注意事项

端口5985(WinRM HTTP)被归类为严重风险。此端口不应暴露在公网上。该服务在未加密的情况下传输数据,容易受到窃听、凭据窃取和中间人攻击。

建议:在防火墙处封锁此端口。改用加密替代方案(SSH、SFTP、HTTPS)。

相关端口 — Remote Access

相关术语