Accessible AMQP Report

LAST UPDATED: 2021-11-30

This report identifies devices that have an accessible AMQP (Advanced Message Queueing Protocol) on port 5672/TCP.

AMQP is an open internet protocol for business messaging. It is often also used for IoT device management.

Even though it does allow for encrypted communications via TLS, many instances on the Internet are configured for cleartext authentication and message sharing. Furthermore in the past there have been multiple vulnerabilities discovered in AMQP broker software implementations that can allow for authentication bypass, interception of messages, remote code execution or denial of service and other attacks.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report was enabled as part of the European Union INEA CEF VARIoT project.

Filename: scan_amqp


Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the AMQP response came on (always TCP)
  • port
    Port that the AMQP response came from (usually 5672)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Set to amqp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • channel
    Channel Used
  • message_length
    Length of the message
  • class
    Class of the connection
  • method
    Method used
  • version_major
    Major number of the AMQP protocol revision
  • version_minor
    Minor number of the AMQP protocol revision
  • capabilities
    List of features supported
  • cluster_name
    Name of the AMQP device
  • platform
    Platform
  • product
    Product Type
  • product_version
    Product Version
  • mechanisms
    Methods Used
  • locales
    Languages available

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","channel","message_length","class","method","version_major","version_minor","capabilities","cluster_name","platform","product","product_version","mechanisms","locales"
"2021-11-28 00:05:05","35.195.237.181","tcp",5672,"181.237.195.35.bc.googleusercontent.com","amqp",15169,"BE","BRUXELLES-CAPITALE","BRUSSELS",519130,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","hip-hound","Erlang/OTP","RabbitMQ","3.6.10","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","185.116.202.73","tcp",5672,,"amqp",60720,"RU","MOSKVA","MOSCOW",517311,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@04d578d6125e","Erlang/OTP 20.2.4","RabbitMQ","3.7.4","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","198.244.131.119","tcp",5672,"ip119.ip-198-244-131.eu","amqp",16276,"UK","LONDON","LONDON",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@s1","Erlang/OTP 23.3.4.7","RabbitMQ","3.9.7","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:05","165.227.125.217","tcp",5672,"sr-demos.docq.app","amqp",14061,"US","NEW JERSEY","CLIFTON",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@sr-demos","Erlang/OTP 22.2.7","RabbitMQ","3.8.2","PLAIN AMQPLAIN","en_US"
"2021-11-28 00:05:06","62.171.144.82","tcp",5672,"postal.laptoplifestylevip.club","amqp",51167,"DE","BAYERN","NUREMBERG",518210,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@postal","Erlang/OTP 23.2.3","RabbitMQ","3.8.14","AMQPLAIN PLAIN","en_US"
"2021-11-28 00:05:06","95.89.220.196","tcp",5672,"ip5f59dcc4.dynamic.kabel-deutschland.de","amqp",3209,"DE","SCHLESWIG-HOLSTEIN","KIEL",517312,,0,327,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify",,"Erlang/OTP","RabbitMQ","2.7.1","PLAIN AMQPLAIN","en_US"
"2021-11-28 00:05:06","122.162.39.218","tcp",5672,"abts-north-dynamic-218.39.162.122.airtelbroadband.in","amqp",24560,"IN","TELANGANA","HYDERABAD",517311,,0,509,10,10,0,9,"publisher_confirms,exchange_exchange_bindings,basic.nack,consumer_cancel_notify,connection.blocked,consumer_priorities,authentication_failure_close,per_consumer_qos,direct_reply_to","rabbit@none-of-your-concern","Erlang/OTP","RabbitMQ","3.6.10","PLAIN AMQPLAIN","en_US"

Our 114 Report Types