Port 6379 (Redis): What It Is & Security Guide
What is Port 6379 (Redis)? Understanding Its Role and Security Implications
Port 6379 is a well-known TCP port primarily associated with Redis, an open-source, in-memory data structure store used as a database, cache, and message broker. Often referred to as a 'data structure server,' Redis supports various data structures such as strings, hashes, lists, sets, sorted sets with range queries, bitmaps, hyperloglogs, and geospatial indexes with radius queries. Its speed and versatility make it a popular choice for high-performance applications, real-time analytics, caching layers, and session management across a wide array of industries.
While Redis is incredibly powerful and efficient, its default configuration and widespread use also make port 6379 a significant target for attackers if left exposed and unsecured. The critical security risk associated with an open and unprotected Redis instance stems from its ability to store sensitive data and, more dangerously, its potential for remote code execution (RCE) on the host system. Understanding what port 6379 is, how Redis utilizes it, and the inherent security risks is paramount for any organization deploying or managing Redis in their infrastructure. This guide will delve into the technical details, common attack vectors, and crucial hardening steps to protect your Redis deployments.
Port 6379 Technical Details: Redis and TCP Protocol
| Attribute | Detail |
|---|---|
| Port Number | 6379 |
| Protocol | TCP |
| Service | Redis (REmote DIctionary Server) |
| Risk Level | Critical (if exposed/unsecured) |
| Default Use | Redis client-server communication |
Port 6379 operates over the Transmission Control Protocol (TCP), a connection-oriented protocol that ensures reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts communicating via an IP network. When a client application wants to interact with a Redis server, it initiates a TCP connection to port 6379 on the server's IP address. Once the connection is established, the client sends commands to the Redis server, and the server responds with the requested data or confirmation of the operation.
Redis itself is a single-threaded server, designed for maximum performance by keeping all data in memory. It uses a simple, human-readable protocol called RESP (REdis Serialization Protocol) for communication. This simplicity, while contributing to its efficiency, also means that if an attacker gains access to the Redis instance, they can easily issue commands to read, write, or even execute malicious code, making the security of port 6379 a critical concern.
Critical Security Risks of an Open and Unsecured Port 6379
An exposed or improperly secured Redis instance on port 6379 represents a critical security vulnerability that can lead to severe consequences for an organization. The in-memory nature and powerful command set of Redis, combined with its common use for sensitive data, make it an attractive target for malicious actors. Here are the primary security risks:
Common Attack Vectors Targeting Port 6379
Attackers employ various techniques to exploit exposed or vulnerable Redis instances. Understanding these common attack vectors is crucial for implementing effective defenses:
How to Check if Port 6379 is Open on Your System or Network
Identifying whether port 6379 is open and accessible is the first step in securing your Redis instances. You can check this using various network scanning tools or online services.
Using Nmap (Network Mapper)
Nmap is a powerful open-source tool for network discovery and security auditing. To check if port 6379 is open on a target host, you can use the following command:
nmap -p 6379 target.com
Replace `target.com` with the IP address or hostname of your server. If Redis is running and the port is open, Nmap will report 'open' for port 6379. You can also add `-sV` to attempt service version detection:
nmap -p 6379 -sV target.com
For a more aggressive scan that might reveal more about the Redis service, including potential vulnerabilities (use with caution and only on systems you own or have explicit permission to scan):
nmap -p 6379 --script redis-info,redis-brute target.com
Using Netcat (nc)
Netcat is a simple utility for reading from and writing to network connections. You can use it to test if a port is listening:
nc -vz target.com 6379
If the connection is successful, it indicates the port is open.
Using Online Port Scanners
For a quick check from an external perspective, you can use free online port scanners. These tools allow you to enter your public IP address or domain name and check specific ports. For a reliable and free option, you can Scan port 6379 with our free Secably Port Scanner tool. This provides an external view, simulating how an attacker might see your exposed services.
From the Server Itself
To check if Redis is listening on port 6379 locally, you can use `ss` or `netstat`:
sudo ss -tulnp | grep 6379
or
sudo netstat -tulnp | grep 6379
This will show if a process is listening on port 6379 and which IP addresses it's bound to (e.g., `0.0.0.0:6379` means it's listening on all interfaces, including external ones).
Free Security Tools
Scan your website, check open ports, find subdomains — no signup required.
- Website Vulnerability Scanner — find XSS, SQLi, misconfigurations
- Port Scanner — Nmap-powered, all 65535 ports
- Subdomain Finder — discover hidden attack surface
How to Secure Port 6379 and Harden Your Redis Deployment
Securing Redis on port 6379 is not just about closing the port; it's about implementing a layered defense strategy. Here are essential steps to harden your Redis instances:
When Should Port 6379 Be Open? Legitimate Use Cases
While the general recommendation is to keep port 6379 closed to the public internet, there are legitimate scenarios where it needs to be accessible, albeit under strict controls:
- Internal Application Communication: The most common and legitimate use case is when an application server (e.g., a web server, API backend, microservice) needs to connect to a Redis instance running on a separate server within the same private network or VPC. In this scenario, Redis should be bound to the private IP address of its host, and firewall rules should only permit connections from the specific IP addresses of the application servers.
- Containerized Environments (e.g., Docker, Kubernetes): In container orchestration platforms, Redis instances often run in separate containers or pods. Communication between application containers and the Redis container will occur over internal container networks, where port 6379 is exposed within that isolated environment, not directly to the public internet.
- Managed Redis Services: Cloud providers offer managed Redis services (e.g., AWS ElastiCache, Azure Cache for Redis, Google Cloud Memorystore). While these services expose port 6379, they are typically secured by default with VPCs, security groups, and authentication, abstracting away much of the direct port management from the user.
- Development and Staging Environments: During development or testing, developers might temporarily open port 6379 to specific IP addresses for debugging or integration. However, this should always be done with extreme caution, for limited durations, and never replicated in production without robust security measures.
In all these legitimate scenarios, the key principle is to ensure that access to port 6379 is restricted to the absolute minimum necessary, using a combination of network segmentation, strong authentication, and encryption.
Is port 6379 dangerous?
Yes, port 6379 is considered critically dangerous if left open to the public internet without proper security measures. Redis, by default in older versions, did not require authentication, making it trivial for attackers to connect, steal data, or even achieve remote code execution (RCE) on the host server. Even with authentication, weak passwords or misconfigurations can lead to severe breaches.
Should I close port 6379?
Generally, yes, you should close port 6379 to the public internet. If your Redis instance is only meant for internal applications, bind it to localhost (127.0.0.1) or a private IP address, and use firewall rules to restrict access to only trusted internal IP addresses. Never expose port 6379 directly to the internet unless absolutely necessary and secured with multiple layers of defense, including strong authentication and TLS encryption.
How do I block port 6379?
You can block port 6379 using firewall rules on your server. Here are common commands:
Using UFW (Ubuntu/Debian):
sudo ufw deny 6379/tcp\nsudo ufw reload
Using Iptables (CentOS/RHEL/Fedora):
sudo iptables -A INPUT -p tcp --dport 6379 -j DROP\nsudo service iptables save
Remember to allow specific trusted IPs if internal applications need access, placing `ACCEPT` rules before `DROP` rules.
What runs on port 6379 by default?
By default, port 6379 is the standard TCP port used by the Redis (REmote DIctionary Server) in-memory data store. When you install and start a Redis server, it will typically listen for client connections on this port unless explicitly configured otherwise in its `redis.conf` file.
What are common CVEs for Redis?
While Redis itself is generally well-maintained, vulnerabilities can arise. Some notable CVEs include:
- CVE-2022-0543: A critical Lua sandbox escape vulnerability that could lead to remote code execution (RCE) on the host system.
- CVE-2021-32628: An integer overflow in the `STRALGO` command that could lead to heap overflow and potential RCE.
- CVE-2023-41053: An integer overflow in the `HRANDFIELD` command, also potentially leading to RCE.