TCP Dangerous Monitoring

Port 8086 (InfluxDB)

Learn about port 8086 (InfluxDB) - security risks, vulnerabilities, and common uses. Find devices with port 8086 open.

Quick Info

Port Number

8086

Protocol

TCP

Service

InfluxDB

IANA Name

InfluxDB

Service Description

Port 8086 (TCP) is the default port used by InfluxDB, an open-source time-series database (TSDB) written in Go. InfluxDB is designed to handle high write and query loads, making it suitable for storing and analyzing time-stamped data such as metrics, events, and sensor data. The service operates by receiving data points, typically in a line protocol format, which includes a measurement name, tags (key-value pairs for metadata), fields (the actual data values), and a timestamp. InfluxDB stores this data in a structured manner that optimizes retrieval based on time ranges and tag filtering. The underlying storage engine is optimized for time-series data, allowing efficient compression and querying.

At a technical level, InfluxDB uses the HTTP protocol on port 8086 for its API endpoints. This API allows clients to write data, query data using InfluxQL (InfluxDB's SQL-like query language) or Flux (InfluxData's data scripting and query language), manage databases and retention policies, and perform other administrative tasks. The InfluxDB HTTP API is designed to be stateless, which allows for horizontal scalability. Data is written to InfluxDB using HTTP POST requests, and queries are executed using HTTP GET or POST requests, depending on the query length and complexity. The API supports various response formats including JSON and CSV.

## Firewall Recommendations

Blocking port 8086 is generally recommended if InfluxDB is not intended to be accessed from outside the local network. If external access is required, it should be strictly controlled using a firewall and access control lists (ACLs) to limit access to only authorized IP addresses or networks. Implement strong authentication mechanisms, such as TLS/SSL encryption for all communication, and regularly update InfluxDB to the latest version to patch any known security vulnerabilities. Consider using a reverse proxy to add an extra layer of security and control access to the InfluxDB API. Monitor network traffic to and from port 8086 for any suspicious activity, and implement intrusion detection and prevention systems (IDS/IPS) to detect and block potential attacks. If possible, use a VPN for remote access instead of directly exposing the port.

Security Information

Exposing port 8086 to the public internet without proper authentication and authorization mechanisms poses significant security risks. Attackers can exploit vulnerabilities in InfluxDB or its underlying dependencies to gain unauthorized access to the database, potentially leading to data breaches, data manipulation, or denial-of-service attacks. Common attack vectors include SQL injection (though InfluxQL is not standard SQL, similar vulnerabilities can exist), unauthorized data access, and remote code execution if vulnerabilities are present in the InfluxDB software. The HTTP API, if not properly secured, can be targeted for brute-force attacks to guess credentials or exploit weak authentication mechanisms. Furthermore, if InfluxDB is used in conjunction with other tools like Grafana, vulnerabilities in those tools could also be exploited to gain access to the data stored in InfluxDB. Internal network exposure can also be risky if proper segmentation is not implemented.

Known Vulnerabilities

CVE	Name	Severity	Description
CVE-2019-13626	InfluxDB Enterprise API: Извлечение конфиденциальной информации	Medium	InfluxDB Enterprise API раскрывает конфиденциальную информацию (секретный ключ etcd) в общедоступной конечной точке /debug/vars.
CVE-2019-10743	InfluxDB: XSS с использованием имени базы данных	Medium	InfluxDB подвержен межсайтовому скриптингу (XSS), когда имя базы данных используется в URL.
CVE-2019-10744	InfluxDB: SSRF с использованием запроса HTTP	High	InfluxDB подвержен атакам Server-Side Request Forgery (SSRF) через обработку HTTP-запросов.
CVE-2018-1000156	InfluxDB Remote Code Execution	Critical	InfluxDB до версии 1.5.2 подвержен уязвимости удаленного выполнения кода. Неправильная десериализация Java приводит к выполнению кода.
CVE-2016-9623	InfluxDB Unauthorized access to admin interface	Critical	InfluxDB до версии 1.1.0 позволяет неавторизованный доступ к интерфейсу администрирования, если не включена аутентификация.