Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 6379 (tcp/udp) Attack Activity


Port Information
Protocol   Service   Name
tcp        redis     Redis
Port diary mentions
URL
Anatomy of a Redis mining worm
User Comments
Submitted By Date
Comment
Johannes 2018-05-18 12:09:53
Redis by default allows arbitrary file uploads, which can easily be leveraged to execute code. See http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
Sunny Dhabhai 2013-03-12 13:17:55
Redis Server Port which client can run queries. Default Port Exposed to Internet Could Face Brute Force Attacks. Nmap Brute Force Script For Redis: http://nmap.org/nsedoc/scripts/redis-brute.html
CVE Links
CVE # Description
CVE-2015-8080 Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.