
An Open Source Honeypot Using Docker - muricula
https://github.com/iankronquist/beeswax
======
Mizza
To me, Docker doesn't seem like a good choice of technology for a honeypot, as
any kernel-level exploits could potentially lead to complete system
compromise or worse.

~~~
muricula
If they manage to find an exploit in the kernel then we have something far
more valuable on our hands than the run-of-the-mill WordPress malware.
Remember, anything inside the honeypot is being aggressively monitored, so
we'll know where it came from and what it did.

------
JoachimSchipper
Note that Docker is not a security technology (or not a secure technology?);
one should not assume that an attacker cannot break out of a Docker container.
This honeypot does assume the security of Docker containers; be extremely
careful running it in production.

------
blakesterz
Would a VM be better for this? Is a VM less likely to be broken out of than
Docker in this case? I'm guessing bare metal is the most secure thing to run a
honeypot in? My limited knowledge says... probably?

~~~
jlgaddis
I have run various honeypots for years. I wouldn't feel comfortable with a
"honeypot in a container". I'm not even _that_ comfortable with a honeypot in
a virtual machine, though I have done it for short periods of time.

My personal preference is always for bare-metal. There's always an old PC or
server sitting around that can be put into service as a honeypot and if
something happens to it -- e.g., hardware failure with no replacements --
well, it's not a big deal.

