TCP Messaging

Port 8883 (MQTT SSL)


Quick facts

  • Port number: 8883
  • Protocol: TCP
  • Service: MQTT SSL
  • IANA name: MQTT SSL

Service description

Port 8883 (TCP) is commonly used for MQTT (Message Queuing Telemetry Transport) over SSL/TLS, often referred to as MQTT Secure or MQTT SSL. MQTT is a lightweight, publish-subscribe network protocol that transports messages between devices. It's particularly well-suited for constrained environments, such as IoT (Internet of Things) devices with limited bandwidth or power. The protocol operates on a client-broker architecture, where clients publish messages to topics and subscribe to topics to receive messages. The broker acts as a central hub, routing messages from publishers to subscribers based on topic matching.

At a technical level, MQTT traffic on port 8883 is encrypted with SSL/TLS, which provides confidentiality and integrity for the messages exchanged between clients and the broker. The client initiates a TLS handshake with the broker, verifies the broker's certificate, and establishes a secure connection. Once that connection is up, MQTT operates as usual: clients connect, subscribe to topics, publish messages, and disconnect. Provided the client actually validates the broker's certificate, sensitive data such as sensor readings or control commands cannot be read or tampered with in transit. Port 8883 is a convention; MQTT over TLS can be configured on other ports, but 8883 is the de facto standard.

## Firewall Recommendations

Port 8883 should generally be allowed only if you are running an MQTT broker that requires secure communication. If you are not using MQTT or do not require encryption, it should be blocked. Best practices for securing port 8883 include:

1) Using strong TLS configurations with up-to-date cipher suites.
2) Implementing robust authentication and authorization mechanisms, such as username/password authentication or certificate-based authentication.
3) Regularly updating the MQTT broker software to patch security vulnerabilities.
4) Implementing rate limiting and connection limits to prevent DoS attacks.
5) Monitoring MQTT traffic for suspicious activity.
6) Segmenting the network to isolate IoT devices from other critical systems.
7) Employing intrusion detection and prevention systems to detect and block malicious traffic.

Security information

The primary security risk associated with port 8883 stems from misconfigurations or vulnerabilities in the MQTT broker and client implementations. While SSL/TLS provides encryption, weak cipher suites or outdated protocol versions can be exploited. Another risk is the lack of proper authentication and authorization. If the MQTT broker doesn't require authentication or uses weak credentials, attackers can gain unauthorized access to the broker, allowing them to publish malicious messages, subscribe to sensitive data, or even control connected devices. Furthermore, denial-of-service (DoS) attacks are possible by flooding the broker with excessive connection requests or messages. Attackers might target this port because IoT devices are often deployed in large numbers and may have weak security practices, making them attractive targets for botnet recruitment or data exfiltration.
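The two misconfigurations described above (an outdated TLS version and a broker that accepts clients without credentials) can be checked against a broker you operate with a short script. This is an added example, not code from the original page; the host name, CA file path and the client id `audit-client` are assumptions, and the packets follow MQTT 3.1.1.

```python
import socket
import ssl

# MQTT 3.1.1 CONNACK return codes (fourth byte of the CONNACK packet).
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}
OUTDATED_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def build_anonymous_connect(client_id: str, keepalive: int = 60) -> bytes:
    """Build an MQTT 3.1.1 CONNECT packet that carries no username or password."""
    cid = client_id.encode("utf-8")
    # Protocol name "MQTT", level 4 (3.1.1), flags 0x02 = clean session only.
    body = b"\x00\x04MQTT\x04\x02" + keepalive.to_bytes(2, "big")
    body += len(cid).to_bytes(2, "big") + cid
    if len(body) > 127:
        raise ValueError("client id too long for a one-byte remaining length")
    return bytes([0x10, len(body)]) + body

def parse_connack(packet: bytes) -> int:
    """Return the CONNACK return code, or raise if this is not a CONNACK."""
    if len(packet) < 4 or packet[0] != 0x20 or packet[1] != 0x02:
        raise ValueError("not an MQTT 3.1.1 CONNACK")
    return packet[3]

def findings(tls_version: str, return_code: int) -> list:
    """Map the negotiated TLS version and the broker's answer to audit findings."""
    out = []
    if tls_version in OUTDATED_TLS:
        out.append(f"outdated protocol version negotiated: {tls_version}")
    if return_code == 0:
        out.append("broker accepted a CONNECT without credentials")
    return out

def audit_broker(host: str, cafile: str, port: int = 8883) -> list:
    """Audit your own broker; the certificate chain and host name are verified."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=5) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_anonymous_connect("audit-client"))
            return findings(tls.version(), parse_connack(tls.recv(4)))
    except ssl.SSLError as exc:  # includes certificate and version failures
        return [f"TLS handshake failed: {exc}"]
```

An empty list from `audit_broker` means the broker negotiated a current TLS version and refused the credential-less CONNECT; recent Python releases refuse anything below TLS 1.2 by default, so an outdated broker usually shows up as a handshake failure instead.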

Known vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2017-7650 | Eclipse Mosquitto Authentication Bypass | Critical | A vulnerability in Eclipse Mosquitto versions before 1.4.15 allows remote attackers to bypass authentication by sending a crafted CONNECT packet. |
| CVE-2018-12558 | HiveMQ Missing Authorization | High | HiveMQ Community Edition versions before 3.3.5 and HiveMQ Enterprise Edition versions before 3.3.5 do not properly enforce authorization for certain MQTT operations, potentially allowing unauthorized access to topics. |
| CVE-2023-32243 | RabbitMQ MQTT Plugin DoS | Medium | RabbitMQ MQTT Plugin is vulnerable to denial-of-service (DoS) attacks due to improper handling of large MQTT messages, potentially exhausting server resources. |

Common software

  • Mosquitto
  • HiveMQ
  • EMQ X
  • RabbitMQ (with MQTT plugin)
  • ThingsBoard
  • VerneMQ
  • ActiveMQ
  • IBM Watson IoT Platform
  • AWS IoT Core
  • Azure IoT Hub
