***Updated 4/28/2026***
Find out which ports are blocked by Xfinity and Comcast services, and why.
Ports on the internet are like virtual passageways where data can travel. All information on the internet passes through ports to get to and from computers and servers. When a certain port is known to cause vulnerability to the security and privacy of your information, Xfinity blocks it to protect you.
Find the reasons for blocking listed below
| Port | Transport | Protocol | Direction downstream or upstream to CPE | Reason for block | IP version |
| 0 | TCP | N/A | Downstream | Port 0 is a reserved port, which means it should not be used by applications. Network abuse has prompted the need to block this port. | IPv4/IPv6 |
| 25 | TCP | SMTP | Both | Port 25 is unsecured, and Botnet spammers can use it to send spam. This does not affect Xfinity Email website usage. We recommend learning more about configuring your email settings to Comcast email to use port 587. | IPv4/IPv6 |
| 67 | UDP | BOOTP, DHCP | Downstream | UDP Port 67, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. | IPv4 |
| 135-139 | TCP/UDP | NetBios | Both | NetBios services allow file sharing over networks. When improperly configured, ports 135-139 can expose critical system files or give full file system access (run, delete, copy) to any malicious intruder connected to the network. | IPv4/IPv6 |
| 161 | UDP | SNMP | Both | SNMP is vulnerable to reflected amplification distributed denial of service (DDoS) attacks. | IPv4/IPv6 |
| 445 | TCP | MS-DS, SMB | Both | Port 445 is vulnerable to attacks, exploits and malware such as the Sasser and Nimda worms. | IPv4/IPv6 |
| 520 | UDP | RIP | Both | Port 520 is vulnerable to malicious route updates, which provides several attack possibilities. | IPv4 |
| 547 | UDP | DHCPv6 | Downstream | UDP Port 547, which is used to obtain dynamic Internet Protocol (IP) address information from our dynamic host configuration protocol (DHCP) server, is vulnerable to malicious hacks. | IPv6 |
| 1080 | TCP | SOCKS | Downstream | Port 1080 is vulnerable to, among others, viruses, worms and DoS attacks. | IPv4/IPv6 |
| 1900 | UDP | SSDP | Both | Port 1900 is vulnerable to DoS attacks. | IPv4/IPv6 |
No Responses!