Port 5432 · PostgreSQL
PostgreSQL listens on port 5432 by default. Public exposure is a critical data-leak risk, comparable to an exposed MySQL server.
What runs on port 5432
PostgreSQL is a major open-source relational database. The default service binds to TCP/5432. The protocol supports password and certificate-based authentication; misconfiguration that allows trust-based authentication on a public interface is the most common breach path.
Why public exposure is dangerous
An exposed `postgres` superuser with a weak password gives an attacker complete control of the database, including the ability to write arbitrary files via `COPY ... TO PROGRAM` and execute shell commands on some configurations. Shodan indexes large numbers of public PostgreSQL servers, many with default `postgres` accounts.
How to lock it down
Set `listen_addresses = 'localhost'` in `postgresql.conf` if no remote access is needed. For applications outside the host, restrict access in `pg_hba.conf` to specific source IPs and require `md5` or `scram-sha-256` authentication, never `trust`. Use a host firewall to drop traffic to port 5432 from public sources. Encrypt connections with `ssl = on` and require encryption for non-local clients.
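An added example (not from the original page or from DomainCare): a small Python check that reads `pg_hba.conf` text and flags the rules this section warns about. The sample file, the names `audit_hba` and `parse_remote`, and the finding messages are constructed for illustration; `cert` is treated as acceptable on the assumption that certificate-based authentication, which the page lists as supported, is allowed.

```python
import ipaddress

# Constructed sample pg_hba.conf (not taken from the page or any real server).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS                     METHOD
local    all       postgres                              peer
host     all       all       127.0.0.1/32                scram-sha-256
host     all       all       0.0.0.0/0                   trust
host     appdb     app       10.0.1.0/24                 md5
hostssl  appdb     app       203.0.113.10/32             scram-sha-256
host     appdb     report    198.51.100.0 255.255.255.0  password
"""

ACCEPTED = {"md5", "scram-sha-256", "cert"}  # assumption: cert auth is allowed
NO_TLS_TYPES = {"host", "hostnossl"}         # record types that admit plaintext

def parse_remote(fields):
    """Return (network or None, method) for a host* record."""
    addr = fields[3]
    if addr == "all":
        return ipaddress.ip_network("0.0.0.0/0"), fields[4]
    try:
        if "/" in addr:
            return ipaddress.ip_network(addr, strict=False), fields[4]
        ipaddress.ip_address(addr)  # raises ValueError for host names
        # Older form: address and netmask in separate columns.
        return ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False), fields[5]
    except (ValueError, IndexError):
        return None, fields[4]  # host name, samehost, samenet

def audit_hba(text):
    """Return (line_number, finding) tuples for risky remote-access rules."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comment, blank line, or Unix-socket ("local") record
        net, method = parse_remote(fields)
        if net is not None and net.is_loopback:
            continue  # loopback-only rules are not reachable remotely
        if method == "trust":
            findings.append((n, "trust authentication for remote clients"))
        elif method not in ACCEPTED:
            findings.append((n, f"review auth method '{method}'"))
        if fields[0] in NO_TLS_TYPES:
            findings.append((n, "TLS not required; use hostssl"))
        if net is not None and net.prefixlen == 0:
            findings.append((n, "rule matches every source address"))
    return findings
```

Calling `audit_hba(SAMPLE_HBA)` reports lines 4, 5 and 7 of the constructed file; the `hostssl` rule restricted to one source IP with `scram-sha-256` passes cleanly.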
When public exposure is legitimate
Internal-network access from application servers in the same VPC is common. Public-internet access should never be required for a normal web application — use a managed database service if remote access is genuinely needed.
Other ports DomainCare scans
- :3306 MySQL — MySQL listens on port 3306 by default. Public exposure is a critical data-leak risk.
- :6379 Redis — Redis listens on port 6379 by default. Public exposure historically allows unauthenticated arbitrary code execution.
- :27017 MongoDB — MongoDB listens on port 27017 by default. Historically responsible for the largest single data-leak class — pre-3.0 builds shipped without authentication enabled.
- :9200 Elasticsearch — Elasticsearch listens on port 9200 by default. Public exposure makes the entire indexed dataset readable by any internet user.