Skip to content
PortsDB

Port reference

Port 563 (TCP) – NNTPS

Network News Transfer Protocol wrapped in TLS for encrypted Usenet access and feeds.

tcpWell-knownCommonly attacked

Default state

Offered by Usenet/news servers that support TLS. Not enabled by default on general-purpose systems.

Common attacks

  • Credential capture if TLS is downgraded or stripped
  • Exploitation of weak TLS versions and cipher suites
  • Brute force of newsreader authentication
  • Server-side vulnerabilities in the NNTP daemon

Hardening

  • Require TLS 1.2+ and disable legacy SSL/TLS versions and weak ciphers
  • Use valid, current certificates and verify them on clients
  • Enforce authentication and rate-limit login attempts
  • Keep the news server software patched

nmap snippet

nmap -p563 --script ssl-cert,ssl-enum-ciphers <target>

Replace <target> with the host or range you're authorized to scan.

What runs on port 563?

Port 563 is the well-known port for NNTPS — the Network News Transfer Protocol (NNTP) wrapped in TLS. NNTP is the protocol behind Usenet, used to read and post articles and to exchange news feeds between servers. Port 563 carries exactly the same protocol as plaintext NNTP on port 119, but inside an encrypted TLS session so credentials and content are protected in transit.

Why it matters for security

The value of 563 over 119 is confidentiality and integrity: without TLS, NNTP sends authentication and article data in cleartext, where it can be sniffed or tampered with. With NNTPS, that traffic is encrypted — but only if the TLS configuration is sound. Weak protocol versions, expired certificates, or downgrade to 119 undermine the protection the port is meant to provide.

How it's attacked

Attackers target the TLS layer: forcing a downgrade to plaintext 119 or exploiting weak ciphers and old SSL/TLS versions to read or alter traffic. They also brute-force newsreader credentials against the login and probe the NNTP daemon itself for server-side vulnerabilities.

Hardening checklist

Require TLS 1.2 or newer and disable legacy SSL/TLS versions and weak cipher suites. Use valid, current certificates and verify them on clients to prevent downgrade and impersonation. Enforce authentication and rate-limit login attempts to blunt brute force, and keep the news server software patched. The nmap snippet above inspects the certificate and enumerates ciphers on systems you are authorized to test.

Related ports

Port 119Port 443Port 993Port 995

Frequently asked questions

What is the difference between port 119 and 563?
Port 119 carries plaintext NNTP (Usenet news), while port 563 carries the same protocol wrapped in TLS (NNTPS). Use 563 so credentials and article traffic are encrypted in transit.
Is port 563 still used?
Yes, by Usenet providers and newsreaders that support encrypted access. Where TLS is available, 563 should be preferred over the cleartext NNTP port 119.