4 comments

[ 2.6 ms ] story [ 15.8 ms ] thread
Putting aside this repositories root privilege requirements and lack of documentation on locking down the honeypot, I cannot stress how bad an idea running a honeypot inside a container is.

Containers are an isolation mechanism, not a security mechanism. Honeypots should be run at minimum on a virtual machine, ideally hardware, in a separate network segment.

To be fair to it, it does describe itself as "A shitty attempt at a honeypot/sandbox that uses docker" and contains a fairly large & up front "WARNING WARNING WARNING" section :p
:)

Think of it as more of a brainstorming exercise than a real-world, production ready app.

EDIT Also I would note that in the true sense of open source, PRs are always accepted.

Well this gives me an idea to make a meta-honeypot. A honeypot network running in containers, running in VMs, running on hardware.

They'll say "Oh! This is the Docker container thing I read on HN! I'll just use (X_BUG) that will allow me to gain root on the real system" and instead they pull themselves into root on a VM.