Open port 6379: Redis
What this means
Redis (Remote Dictionary Server) is an open-source, in-memory data structure store that is widely used for caching, message brokering, and real-time analytics.
By default, Redis listens on port 6379, and if it is exposed to the internet without proper authentication and security controls, attackers can exploit it for unauthorised access, data theft, remote code execution, or launching further attacks.
Why this is a problem
An open Redis port means that the service is accessible from the internet or an internal network without proper security controls.
If Redis is not secured or is misconfigured, it can lead to:
- unauthorised access to system resources
- data manipulation where malicious actors can read, modify, or delete stored data
- lateral movement where an attacker gains access to one system and spreads across the network
- data breach where attackers can exfiltrate sensitive cache data
How to check if the problem is there
Check open Redis ports
Run the following command to check if Redis ports are open:
Windows (Command Prompt):
netstat -an | find ":6379"
Linux/Mac (Terminal):
sudo netstat -tulnp | grep ":6379"
How to fix this
To mitigate attacks against Redis, an administrator can take the following steps to block access or reduce the attack surface.
Restrict network access
To restrict network access, carry out the following:
- configure firewall rules to allow connections only from trusted IP addresses
- change the default port
- disable or uninstall the services if not required
Enable authentication and encryption
To enable authentication and encryption, carry out the following:
- enable encryption at rest and in transit
- run surface area configuration tools to help minimise the attack surface
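An added example, not part of the original guidance or of the Redis project: a short Python audit that reads a redis.conf and flags the exposures listed above (listening on all interfaces, protected mode off, no password, default port, no TLS in transit). It assumes the server is configured through redis.conf and inspects only the requirepass directive, not ACL users; the sample configurations and finding names are constructed for illustration.

```python
import shlex

# Constructed sample configs, not taken from any real server.
WEAK = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
HARDENED = (
    "bind 127.0.0.1 -::1 10.0.0.5\n"
    "protected-mode yes\n"
    "port 0\n"
    "tls-port 6380\n"
    'requirepass "constructed-long-random-secret"\n'
)
WILDCARDS = {"*", "0.0.0.0", "::", "::*"}

def parse_conf(text):
    """Map each directive to the arguments of its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if len(parts) >= 2:
            conf[parts[0].lower()] = parts[1:]
    return conf

def audit(text):
    """Return finding codes (hypothetical names) for one redis.conf."""
    conf = parse_conf(text)
    findings = []
    # No bind directive means Redis listens on every interface.
    binds = [a.lstrip("-") for a in conf.get("bind", ["*"])]
    if WILDCARDS & set(binds):
        findings.append("BIND_ALL_INTERFACES")
    if conf.get("protected-mode", ["yes"])[0].lower() == "no":
        findings.append("PROTECTED_MODE_OFF")
    # Only requirepass is inspected; ACL users in an aclfile are not.
    if not conf.get("requirepass", [""])[0]:
        findings.append("NO_PASSWORD")
    plain_port = conf.get("port", ["6379"])[0]
    if plain_port == "6379":
        findings.append("DEFAULT_PORT")
    # tls-port absent or 0 means there is no TLS listener.
    if conf.get("tls-port", ["0"])[0] == "0" and plain_port != "0":
        findings.append("NO_TLS_IN_TRANSIT")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

To audit a live server, pass the contents of its own redis.conf to audit() in place of the constructed samples.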
Regularly monitor logs
Enable server logging to track failed login attempts and unauthorised access.
Consider VPN or internal networking
If remote access is needed, consider using a VPN or setting up a private network instead of exposing the port to the public internet.