-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Postgres docker hub image compromised #11
Comments
But we are using |
I am a total novice with docker so cannot confirm what work. One solution proposed is to "updated the docker compose file to bind the ports to 127.0.0.1 instead of 0.0.0.0" but there also links to problems with 12.4 where another proposal says solution is to build from source instead of using prebuilt image, I don't know what is feasible. The issue did not appear immediately so is also hard to diagnose |
A potential solution has been posted on #12 so I will close this issue |
As per docker-library/postgres#664
A compromised docker image is being utilized.
It results in a flood attack as follows:-
##########################################################################
Netscan detected from host x.x.x.x
##########################################################################
time protocol src_ip src_port dest_ip dest_port
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 56746 => 172.16.4.103 5432
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 43900 => 172.16.4.104 5432
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 41680 => 172.16.4.105 5432
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 57360 => 172.16.4.107 5432
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 37710 => 172.16.4.108 5432
Wed Oct 14 03:37:58 2020 TCP x.x.x.x 48438 => 172.16.4.109 5432
...
This requires immediate attention.
The text was updated successfully, but these errors were encountered: