Redis service publicly accessible

Classification:

attack

Tactic:

TA0001-initial-access

Technique:

T1190-exploit-public-facing-application

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect when multiple external connections are made to the port for Redis (6379).

Strategy

Production instances of Redis should not be publicly accessible. Incoming connections from multiple public IP addresses indicate an exposed instance.

Triage and response

  1. Review all events for connections from unexpected IP addresses.
  2. Move the Redis service to a private network.
  3. Review Related Signals and relevant logs for additional malicious activity.

This detection is based on data from Cloud Network Monitoring.