Port reference
Port 7000 (TCP) – Apache Cassandra Inter-node
Default port for Cassandra inter-node (gossip and replication) communication.
Default state
Cassandra uses 7000 for node-to-node gossip and replication, often without inter-node encryption enabled. The port should never face the internet, yet misconfigured clusters expose it on 0.0.0.0.
Common attacks
- Joining a rogue node to the cluster to read or inject replicated data
- Interception of unencrypted gossip and replication traffic
- Cluster disruption and denial of service against the ring
- Reconnaissance of cluster topology and keyspaces
Hardening
- Bind listen_address to a private interface; never expose 7000 to the internet
- Enable internode_encryption (TLS) for gossip and replication
- Firewall 7000 to cluster member IPs only
- Keep client CQL (9042) and JMX (7199) restricted as well
- Keep Cassandra patched and audit cluster membership
nmap snippet
nmap -p7000 --script banner <target>
Replace <target> with the host or range you're authorized to scan.
What runs on port 7000?
Port 7000 is the default for Apache Cassandra inter-node communication — the gossip and replication traffic that nodes exchange to coordinate the cluster and replicate data across the ring. Unlike the client CQL port 9042, 7000 is used only between Cassandra nodes and should never be reached by external clients.
Why it matters for security
Inter-node traffic on 7000 often runs without encryption and carries replicated data and cluster control messages. If the port is exposed, an attacker can join a rogue node to the ring to read or inject replicated data, intercept gossip traffic, or disrupt the cluster. Because it is internal infrastructure, exposure usually indicates a serious misconfiguration.
How it's attacked
Attackers scan for open 7000 and attempt to join the cluster as a peer, gaining access to replicated keyspaces. Unencrypted gossip can be intercepted for reconnaissance, and malformed traffic can be used to disrupt the ring or deny service to legitimate nodes.
Hardening checklist
Bind listen_address to a private interface and keep 7000 off the public
internet. Enable internode_encryption (TLS) for gossip and replication, and
firewall 7000 to cluster member IPs only. Restrict the client port 9042
and JMX 7199 as well. Patch regularly and audit cluster membership. Use the
nmap snippet above to detect exposed inter-node ports on hosts you are authorized
to test.
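The first two checklist items can be checked directly against a node's cassandra.yaml. The following is an added example, not code from the original page or from the Cassandra project. The function names, finding codes and sample configs are constructed for illustration; storage_port and server_encryption_options are the cassandra.yaml settings for the inter-node port and the block that holds internode_encryption.

```python
import ipaddress
import re

# Private ranges (RFC 1918 plus IPv6 ULA), listed explicitly so results do not vary by Python version.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def read_settings(yaml_text):
    """Collect scalar `key: value` pairs at any indent (not a full YAML parser)."""
    settings = {}
    for line in yaml_text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+):\s*(\S.*)$", line.split("#", 1)[0].rstrip())
        if m:
            settings[m.group(1)] = m.group(2).strip("'\"")
    return settings

def audit(yaml_text):
    """Return (code, message) findings for the inter-node hardening items."""
    s, findings = read_settings(yaml_text), []
    port, addr = s.get("storage_port", "7000"), s.get("listen_address")
    ip = None
    try:
        ip = ipaddress.ip_address(addr) if addr else None
    except ValueError:
        findings.append(("LISTEN_HOSTNAME", f"listen_address {addr!r} is a name; confirm it resolves to a private interface"))
    if addr is None:
        findings.append(("LISTEN_UNSET", "listen_address is not set to a private interface address"))
    elif ip is not None and not any(ip in net for net in PRIVATE_NETS):
        findings.append(("LISTEN_NOT_PRIVATE", f"port {port} is bound to non-private address {ip}"))
    enc = s.get("internode_encryption", "none").lower()
    if enc == "none":
        findings.append(("NO_INTERNODE_TLS", f"gossip and replication on port {port} are unencrypted"))
    elif enc in ("dc", "rack"):
        findings.append(("PARTIAL_INTERNODE_TLS", f"internode_encryption={enc} leaves traffic inside a {enc} unencrypted"))
    return findings

# Constructed sample configs (not from a real cluster).
WEAK = """
listen_address: 203.0.113.10   # documentation-range address standing in for a public IP
server_encryption_options:
    internode_encryption: none
"""
HARDENED = """
listen_address: 10.0.1.5
server_encryption_options:
    internode_encryption: all
"""

if __name__ == "__main__":
    print({name: [c for c, _ in audit(cfg)] for name, cfg in (("weak", WEAK), ("hardened", HARDENED))})
```

A clean result covers only the bind address and encryption mode in the file; the firewall rule limiting 7000 to cluster member IPs still has to be verified on the host or network.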
Frequently asked questions
- Should Cassandra port 7000 ever be exposed to the internet?
- No. Port 7000 carries inter-node gossip and replication and must stay on a private network, firewalled to cluster members only. Exposing it can let a rogue node join the ring and access replicated data.
- How do I secure inter-node traffic on 7000?
- Enable internode_encryption with TLS, bind listen_address to a private interface, and firewall 7000 so only known cluster member IPs can connect.