What is Port 102?
by Colin Cohen | Published on June 07, 2024
Port 102 lets industrial control systems communicate over the Internet using the ISO Transport Service over TCP/IP protocol. This allows applications access to the benefits of both the ISO Transport protocol and the TCP/IP protocol.
Background of Port 102
Many industrial control systems use the ISO Transport protocol when communicating with each other because of its package-oriented transfer of data. This is because, in many industrial use cases, this type of data transfer is preferable over TCP/IP and its streaming transfer of data. However, the ISO Transport protocol lacks the ability to route data over the Internet. Hence the need to combine the two protocols.
The ISO Transport Service over TCP/IP protocol allows systems to use both the ISO Transport protocol and the TCP/IP protocol. It implements this by transferring data over port 102 between a client and a server.
Understanding Port 102
ISO Transport Service over TCP/IP protocol allows you to use the ISO Transport Service protocol on top of the TCP/IP protocol. It achieves this by layering the two transport protocols. In essence, it swaps TCP/IP’s streaming method of transferring data for ISO Transport’s package-oriented approach. The actual transfer of data between the devices happens over port 102.
Like the ISO Transport protocol and the TCP/IP protocol, the ISO Transport Service over TCP/IP protocol functions in the transport layer of the Open Systems Interconnection (OSI) model used in network communication.
Protocol Association
When using ISO Transport Service over TCP/IP protocol on port 102, you use three separate protocols. The ISO Transport protocol handles the package-oriented data transfer, while the TCP/IP protocol allows you to route the data over the Internet. The ISO Transport Service over TCP/IP protocol combines these protocols by layering them.
What is Port 102 Used For?
You use port 102 to transfer data between industrial control systems, such as those available from Siemens. This allows you to transfer data using packages and route it over the Internet.
Primary Functions
Many industrial control systems, especially those developed by Siemens, make use of ISO Transport protocol when communicating with each other because of its ability to perform a package-oriented transfer of data.
They implement this protocol over TCP/IP for its routing features by using the ISO Transport Service over TCP/IP protocol. When a client and a server communicate with each other using this protocol, they do so over port 102, during which time they transfer data between them.
Industry Use Cases
Many of Siemens’ industrial controls systems have software modules that support ISO Transport Service over TCP/IP protocol on port 102. This includes the following products:
SIMATIC S5
SIMATIC S7
SIMATIC PC
When transferring data between these products, you do so over port 102. One device acts as a server and listens on port 102, while the other device acts as a client and communicates with the server over the port.
How to Make Sure TCP Port 102 Is Secure
While attackers are unlikely to target port 102, it has been associated with vulnerabilities, so you need to know how to keep the port secure.
Security Risks of Port 102
Port 102 is not a common target of hackers, but malicious third parties have been known to target the port for distributed denial-of-service (DDoS) attacks by sending devices data that it cannot handle. These attacks take advantage of software vulnerabilities in outdated ISO Transport Service over TCP/IP modules that are related to improper data validation.
Best Practices
If you are not running the ISO Transport Service over TCP/IP protocol on a device, you should close port 102. If you do need to run the protocol on a device, you should make sure that you are running the latest versions of the modules that support the protocol. You may also want to consider running the ISO Transport Service over TCP/IP protocol on a different port.
Tools and Techniques
If you don’t require ISO Transport Service over TCP/IP on a device, you can disable port 102 in your firewall. When you do need the port, the best method for securing it is by keeping the software that runs over it up to date. You can also configure your systems to use a different port.
Examples of Port 102 Conflicts
As only one service can run on port 102, port conflicts can occur when running the ISO Transport Service over the TCP/IP protocol. When these arise, you need to know how to resolve them.
Common Conflicts
Like all TCP ports, only one service can run on port 102 at one time. So, you cannot run the ISO Transport Service over TCP/IP protocol on port 102 if another service is running on it.
Resolution Strategies
If you are unable to run the ISO Transport Service over TCP/IP protocol on port 102, run the following command from a terminal:
netstat-aonIf you discover that another service is running on port 102, you will need to disable it before you can run the ISO Transport Service over TCP/IP protocol. Alternatively, you can run the ISO Transport Service over TCP/IP protocol on a different port. But if you do this, you must configure all your systems to use this port.
Conclusion
You run the ISO Transport Service over TCP/IP protocol on port 102. This lets you combine the features of the ISO Transport protocol and its ability to perform package-oriented data transfer with the routing features of TCP/IP. But when doing so, you need to make sure that you are using the most up-to-date software and that there are no conflicts with the port.