Some internal services might be listening to remote requests

  • GG_ID: GG_IAC_0006
  • Severity: HIGH
  • Complexity: LOW
  • Categories: NETWORK
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False


An ingress rule of a security group does not specify a port range. As a result, applications running on assets in this security group may be reachable by external traffic even though they are not expected to be.


Potential exposure of applications that are not supposed to be listening to external traffic.

Remediation guidelines

Identify which ports need to be exposed to external traffic, and open only those ports.
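
The remediation above as a Terraform configuration, added here as an example and not taken from the policy's own documentation. It assumes the group is declared as an `aws_security_group`, where a missing port range is written as protocol `"-1"` with ports `0`/`0`; the resource names, the `vpc_id` variable, the chosen ports and the `203.0.113.0/24` range are hypothetical.

```hcl
# Constructed example: names, CIDRs and ports are assumptions, not from the policy page.
variable "vpc_id" {
  type = string
}

# Weak: protocol "-1" with ports 0/0 means no port range is specified, so every
# port on every asset in the group accepts traffic from the listed CIDR.
resource "aws_security_group" "app_open" {
  name   = "app-open"
  vpc_id = var.vpc_id

  ingress {
    description = "All protocols, all ports"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Corrected: one ingress block per port that must be reachable, each with an
# explicit protocol and the narrowest source range that still works.
resource "aws_security_group" "app_restricted" {
  name   = "app-restricted"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTPS from the internet"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from the admin network only"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["203.0.113.0/24"] # placeholder documentation range
  }
}
```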

External documentation