Port 9200: Elasticsearch

Open Elasticsearch port detected on a publicly accessible host.

Severity: Critical | Port: 9200

What is Elasticsearch?

Elasticsearch is a distributed search and analytics engine used for log analysis, full-text search, and real-time data exploration. It stores and indexes large volumes of data and makes it searchable in near real-time. Port 9200 is the HTTP REST API that applications use to read and write data.

Why this is a problem

Elasticsearch has been the source of some of the largest data breaches in recent years. Historically it had no authentication by default, meaning anyone who could reach port 9200 had full read and write access to all data. Exposed Elasticsearch instances have leaked billions of records including personal data, credentials, and medical records. Attackers also use exposed instances to deploy ransomware by deleting indices and leaving ransom notes.

What you should do

  • Block port 9200 from the internet immediately
  • Enable Elasticsearch security features (authentication and TLS)
  • Bind Elasticsearch to private network interfaces only
  • Use a reverse proxy with authentication if external access is needed
  • Audit what data is stored and ensure sensitive data is properly protected
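The checks above can be run against an `elasticsearch.yml` before a node goes live. The following is an added example written for this page, not dnswatchdog.io tooling; it assumes the common flat `key: value` layout of that file (list syntax is not handled) and uses constructed sample configs, one with the exposure described here and one with the fixes applied.

```python
"""Audit an elasticsearch.yml for public binding and disabled security (added example)."""
from __future__ import annotations

# Values that bind the REST API on 9200 to every (or every public) interface.
PUBLIC_BINDINGS = {"0.0.0.0", "::", "_global_"}


def parse_flat_yaml(text: str) -> dict[str, str]:
    """Parse flat `key: value` lines; comments, blank lines and quotes are dropped."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def is_true(settings: dict[str, str], key: str) -> bool:
    return settings.get(key, "false").lower() == "true"


def audit(config_text: str) -> list[str]:
    """Return one finding per remediation item from this page that is not met."""
    s = parse_flat_yaml(config_text)
    findings: list[str] = []
    # http.host overrides network.host for the HTTP API; unset falls back to loopback (_local_).
    bind = s.get("http.host", s.get("network.host", "_local_"))
    if bind in PUBLIC_BINDINGS:
        findings.append(f"HTTP API bound to {bind}: reachable on every interface, block 9200 at the edge")
    if not is_true(s, "xpack.security.enabled"):
        findings.append("xpack.security.enabled is not true: no authentication (the default before 8.0)")
    elif not is_true(s, "xpack.security.http.ssl.enabled"):
        findings.append("xpack.security.http.ssl.enabled is not true: credentials cross the wire in clear")
    return findings


# Constructed sample: the exposure this page describes.
WEAK_CONFIG = """
cluster.name: logs
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: private interface, authentication and TLS on the HTTP API.
HARDENED_CONFIG = """
cluster.name: logs
network.host: 10.0.5.12          # private interface only
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```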