Port reference
Port 9092 (TCP) – Apache Kafka
Default broker port for Apache Kafka, the distributed event-streaming and messaging platform.
Default state
Kafka brokers listen on 9092 with no authentication or encryption by default, so any client reaching the port can list topics, consume messages, and produce data.
Common attacks
- Unauthenticated access to list topics and consume all message data
- Producing or deleting messages and topics to tamper with pipelines
- Information disclosure of streamed business and personal data
- Pivoting via metadata, including the coordinating ZooKeeper on 2181
Hardening
- Enable authentication (SASL) and authorization (ACLs)
- Bind to a private interface and firewall 9092 to trusted hosts only
- Require TLS for client and inter-broker traffic
- Protect the coordinating ZooKeeper (2181) and metadata
- Keep Kafka patched and audit topic access
nmap snippet
nmap -p9092 --script banner <target>
Replace <target> with the host or range you're authorized to scan.
What runs on port 9092?
Port 9092 is the default broker port for Apache Kafka, a distributed event-streaming platform used as a high-throughput message bus. Producers publish records to topics and consumers read them over 9092, while brokers coordinate partitions and offsets. Older deployments also rely on ZooKeeper (2181) for cluster metadata.
Why it matters for security
Kafka pipelines frequently carry sensitive business events, logs, and personal data. By default brokers listen on 9092 with no authentication or encryption, so any client reaching the port can list topics and consume all messages, or produce and delete data to corrupt downstream systems. Leaked metadata, including the coordinating ZooKeeper, aids further compromise.
How it's attacked
Attackers scan for open 9092 and connect without credentials to enumerate topics and consume message data, exfiltrating whatever is streamed. They also produce or delete messages and topics to tamper with pipelines, and harvest cluster metadata — often reaching the ZooKeeper on 2181 — to pivot deeper into the data platform.
Hardening checklist
Enable authentication (SASL) and authorization (ACLs), and require TLS for client and inter-broker traffic. Bind brokers to a private interface and firewall 9092 to trusted hosts only. Protect the coordinating ZooKeeper (2181) and metadata, keep Kafka patched, and audit topic access. Use the nmap snippet above to check exposure on hosts you are authorized to test.
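One way to check a broker's server.properties against this checklist, as an added example that is not part of the original page or of Apache Kafka's own tooling. The configuration keys are Kafka's documented broker settings; the function names, finding labels and both sample configurations are constructed for illustration.

```python
import re

# (client authentication, TLS) provided by each Kafka security protocol
PROTOCOLS = {"PLAINTEXT": (False, False), "SSL": (False, True),
             "SASL_PLAINTEXT": (True, False), "SASL_SSL": (True, True)}

def parse_properties(text):  # key=value lines; comment lines start with # or !
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and l[0] not in "#!")
    return {k.strip(): v.strip() for k, v in pairs}

def audit_broker(text):
    p, findings = parse_properties(text), set()
    # A listener name that is itself a protocol maps to that protocol.
    name_map = {name: name for name in PROTOCOLS}
    for pair in p.get("listener.security.protocol.map", "").split(","):
        if ":" in pair:
            name, proto = pair.split(":", 1)
            name_map[name.strip().upper()] = proto.strip().upper()
    # Unset listeners means Kafka's default: PLAINTEXT on all interfaces, port 9092.
    for entry in p.get("listeners", "PLAINTEXT://:9092").split(","):
        m = re.match(r"\s*([^:]+)://(.*):(\d+)\s*$", entry)
        if not m:
            findings.add(f"unparsed listener {entry.strip()!r}")
            continue
        name, host, port = m.groups()
        proto = name_map.get(name.upper(), "PLAINTEXT")
        auth, tls = PROTOCOLS.get(proto, (False, False))
        if not (auth or (proto == "SSL" and p.get("ssl.client.auth") == "required")):
            findings.add(f"{name}:{port} no-authentication")
        if not tls:
            findings.add(f"{name}:{port} no-tls")
        if host in ("", "0.0.0.0"):
            findings.add(f"{name}:{port} bound-to-all-interfaces")
    # Inter-broker: inter.broker.listener.name if set, else security.inter.broker.protocol.
    ib = p.get("inter.broker.listener.name")
    ib_proto = (name_map.get(ib.upper(), "PLAINTEXT") if ib
                else p.get("security.inter.broker.protocol", "PLAINTEXT").upper())
    if not PROTOCOLS.get(ib_proto, (False, False))[1]:
        findings.add("inter-broker no-tls")
    if not p.get("authorizer.class.name"):
        findings.add("no-authorizer")
    if p.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.add("allow-everyone-if-no-acl")
    return sorted(findings)

# Constructed sample configurations (not taken from any real deployment).
WEAK = "broker.id=0\nlisteners=PLAINTEXT://0.0.0.0:9092\n"
HARDENED = ("listeners=SASL_SSL://10.0.5.11:9092\nsecurity.inter.broker.protocol=SASL_SSL\n"
            "authorizer.class.name=kafka.security.authorizer.AclAuthorizer\n")
```

This is a static check of the configuration file only; it does not confirm what is actually reachable on the network or which ACLs exist.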
Frequently asked questions
- Does Apache Kafka require authentication by default?
  No. By default Kafka brokers accept connections on 9092 with no authentication or encryption, so any client can consume and produce data. Enable SASL authentication, ACLs, and TLS, and firewall the port.
- Why is an exposed Kafka broker dangerous?
  Kafka streams often carry business events and personal data. An open broker lets attackers read every topic, inject or delete messages, and learn cluster metadata including the ZooKeeper on 2181 for further pivoting.