Port 115 (SFTP)

Network port 115 (TCP) is historically associated with Simple File Transfer Protocol (SFTP), though it's important to clarify that this is not the same as SSH File Transfer Protocol, which commonly uses port 22. The SFTP on port 115 is a predecessor to modern, more secure file transfer protocols. It provides a basic mechanism for transferring files between systems, often utilizing a connection-oriented TCP stream. Functionally, it operates by establishing a session, authenticating the user (typically with username and password), and then allowing the user to issue commands to upload, download, delete, or rename files on the server. The protocol is relatively simple, lacking advanced security features and encryption capabilities of its successors.

At a technical level, the client initiates a TCP connection to port 115 on the server. After the connection is established, a series of commands are exchanged in plain text. These commands dictate the actions the server should perform on the file system. The data transfer itself is also performed over the same TCP connection, without encryption. Because of its lack of security features, this implementation of SFTP is rarely used today and is considered highly insecure. Modern implementations favor SSH File Transfer Protocol (SFTP) over port 22 or FTPS (FTP over SSL/TLS) over port 990 or explicit TLS negotiation on port 21.

## Firewall Recommendations

It is strongly recommended to block port 115 on your firewall, both inbound and outbound, unless there is a very specific and well-understood legacy requirement. If you must use it, ensure it is isolated to a secure internal network with no external access. The best practice is to migrate to a more secure file transfer protocol like SFTP (over SSH on port 22) or FTPS (FTP over SSL/TLS on port 990 or explicit TLS negotiation on port 21). Regularly scan your network for services running on port 115 to identify and remediate any instances of this outdated protocol.