Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Port 6379 (tcp/udp) Attack Activity - SANS Internet Storm Center

SANS Site Network

Current Site

SANS Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

Port 6379 (tcp/udp) Attack Activity

Log In or Sign Up for Free!

Loading...

[get complete service list]

Port Information
Protocol	Service	Name
tcp	redis	Redis

Top IPs Scanning
Today	Yesterday
121.199.5.141 (144)	71.6.232.2 (490)
119.36.149.48 (139)	27.221.51.91 (460)
113.134.194.22 (138)	89.248.165.199 (433)
116.198.33.122 (137)	71.6.232.5 (383)
58.229.178.134 (136)	222.240.147.226 (357)
49.247.34.184 (135)	61.243.2.46 (342)
47.97.230.205 (135)	66.240.236.116 (339)
106.12.121.149 (135)	47.93.117.186 (321)
143.198.184.131 (135)	39.104.81.110 (312)
121.40.237.32 (134)	159.138.121.90 (292)

Port diary mentions
URL
Anatomy of a Redis mining worm

User Comments
Submitted By	Date
Comment
Johannes	2018-05-18 12:09:53
Redis by default allows arbitrary file uploads, which can easily be leveraged to execute code. See http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
Sunny Dhabhai	2013-03-12 13:17:55
Redis Server Port which client can run queries. Default Port Exposed to Internet Could Face Brute Force Attacks. Nmap Brute Force Script For Radis: http://nmap.org/nsedoc/scripts/redis-brute.html

CVE Links
CVE #	Description
CVE-2015-8080