Port 9300: OpenSearch
Open OpenSearch port detected on a publicly accessible host.
Severity: Critical | Port: 9300
What is OpenSearch?
OpenSearch is an open-source search and analytics engine forked from Elasticsearch. It is used for log analytics, application monitoring, and full-text search. Port 9300 is the transport protocol port used for inter-node communication in a cluster, but when exposed it can also accept external connections.
Why this is a problem
An exposed OpenSearch transport port allows attackers to potentially join the cluster, access stored data, or exploit vulnerabilities. The same data exposure risks that apply to Elasticsearch apply here — sensitive logs, application data, and user information could be accessed or deleted.
What you should do
- Block port 9300 from the internet
- Configure OpenSearch to bind to private network interfaces only
- Enable the security plugin with authentication and TLS
- Use network segmentation to isolate the OpenSearch cluster
- If external access is needed, expose only the HTTP API (port 9200) behind a reverse proxy with authentication
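
One way to check a node's settings against the binding and security-plugin steps above, as an added example that is not part of the original page or of OpenSearch's own tooling. The two opensearch.yml fragments are constructed, and the function names, sample addresses and simplified flat-key parser are assumptions for illustration.

```python
import ipaddress

# Constructed sample opensearch.yml fragments; addresses and helper names are illustrative.
EXPOSED = """\
network.host: 0.0.0.0
transport.port: 9300
plugins.security.disabled: true
"""
HARDENED = """\
network.host: _site_
transport.host: 10.0.5.12
plugins.security.disabled: false
plugins.security.ssl.transport.enforce_hostname_verification: true
"""

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines; enough for dotted opensearch.yml settings."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def bind_is_private(value):
    """True if the bind address is loopback/private or a private-scope alias."""
    if value in ("_local_", "_site_", "localhost"):
        return True
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # _global_, interface aliases, hostnames: review manually
    return not addr.is_unspecified and (addr.is_loopback or addr.is_private)

def audit(text):
    """Return a list of findings for transport exposure in one config."""
    cfg = parse_flat_yaml(text)
    findings = []
    # transport.host falls back to network.host, which defaults to loopback.
    bind = cfg.get("transport.host", cfg.get("network.host", "_local_"))
    if not bind_is_private(bind):
        findings.append(f"transport port {cfg.get('transport.port', '9300')} binds to non-private address {bind}")
    if cfg.get("plugins.security.disabled", "false").lower() == "true":
        findings.append("security plugin disabled: no authentication or TLS")
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(text))
```

A clean result only covers the node's own configuration; the firewall and network segmentation steps still need to be verified separately.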