
Show HN: Dockopotamus, a naive honeypot that uses docker - johnnycarcin
https://github.com/esell/dockopotamus
======
jamescun
Putting aside this repositories root privilege requirements and lack of
documentation on locking down the honeypot, I cannot stress how bad an idea
running a honeypot inside a container is.

Containers are an isolation mechanism, not a security mechanism. Honeypots
should be run at minimum on a virtual machine, ideally hardware, in a separate
network segment.

~~~
thybag
To be fair to it, it does describe itself as "A shitty attempt at a
honeypot/sandbox that uses docker" and contains a fairly large & up front
"WARNING WARNING WARNING" section :p

~~~
johnnycarcin
:)

Think of it as more of a brainstorming exercise than a real-world, production
ready app.

 _EDIT_ Also I would note that in the true sense of open source, PRs are
always accepted.

