Closed iqlusi0n closed 7 months ago
These ports, 11911, 12911, and 13911, are similar to the top open ports found by nmap, but they are most commonly used by RocketMQ. I discovered these ports when setting up the RocketMQ environment. Typically, services exposed to the internet have a high probability of changing their default ports. Given the serious nature of this vulnerability, and the fact that it has been disclosed for some time now, I estimate that most of them have either been fixed or access control has been implemented on these ports.
Thanks for the information. Do you know what components of RocketMQ use those ports (11911, 12911, and 13911)? Like the controller, broker, nameserver, or something else?
I believe it would be better for you to check this information on the RocketMQ official website. The ports that I've collected are just the ones that I've seen.
Will do, thanks for the help!
I was just curious to the choice of the ports 11911, 12911, and 13911 in the Nmap script?
It looks like those port numbers are not used by default in the RocketMQ code base and I don't really find anything online suggesting to use them as an alternative. So I was curious if you found those port numbers used a lot in deployment.