Open
Description
Consider the following scenario (very hypothetical):
- an attacker finds his way into the internal network
- performs a DoS attack on the agent container to crash/restart it
- because of the first-come, first-served policy, the attacker then takes over the entire Docker host using a secondary portainer-web instance
I'm using UFW and Docker's default iptables don't play well with it, meaning all rules regarding Docker containers are ignored, hence there is no benefit in limiting 9001 to the portainer-web host, leaving me vulnerable to such an attack.
Is there a way to mitigate such an attack?
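
One way to make the port 9001 restriction hold even though UFW rules are bypassed, as an added example (not part of the original issue and not Portainer's own code): Docker evaluates its `DOCKER-USER` iptables chain before its own forwarding rules, so a drop rule placed there applies to published container ports. The function names and the sample address 192.0.2.10 are assumptions, and the Portainer server is assumed to run on a different host from the agent.

```shell
#!/bin/sh
# Added example, not from the original issue or the Portainer project.
AGENT_PORT=9001   # agent port named in the issue

# Print the rule spec that drops connections to the published agent port
# unless they come from $1 (the Portainer server address; assumed input).
agent_rule_spec() {
    case $1 in
        ''|*[!0-9./]*) echo "usage: agent_rule_spec <ipv4[/prefix]>" >&2; return 1 ;;
    esac
    # Published ports are DNATed before the filter table, so match the port the
    # client originally dialled. --ctdir ORIGINAL keeps the container's replies
    # to the server from matching the "! -s" test.
    echo "-p tcp -m conntrack --ctorigdstport $AGENT_PORT --ctdir ORIGINAL ! -s $1 -j DROP"
}

# Insert the rule at the top of DOCKER-USER unless an identical one exists.
apply_agent_rule() {
    spec=$(agent_rule_spec "$1") || return 1
    # $spec is deliberately unquoted so it splits into iptables arguments.
    iptables -C DOCKER-USER $spec 2>/dev/null || iptables -I DOCKER-USER $spec
}

# Only touch the firewall when explicitly asked: APPLY=1 sh script.sh 192.0.2.10
if [ "${APPLY:-0}" = 1 ]; then
    apply_agent_rule "$1"
fi
```

The rule does not survive a reboot, so reapply it once Docker has started and created the `DOCKER-USER` chain.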