
Port 2376 (Docker TLS)


Quick Info

Port Number
2376
Protocol
TCP
Service
Docker TLS
IANA Name
docker-s (the plaintext counterpart, 2375, is registered as docker)

Service Description

TCP port 2376 is the conventional port for the Docker daemon's REST API over TLS; the plaintext counterpart is 2375. The daemon listens on it when started with a tcp:// host and TLS options, and clients such as the docker CLI talk to it over HTTPS. The port number itself enforces nothing. With --tls the daemon merely presents a server certificate and accepts commands from any client that connects; with --tlsverify it also requires every client to present a certificate issued by the configured CA (mutual TLS), and only that mode actually authenticates remote callers. Because the API can start privileged containers and mount host paths, anyone who can issue requests effectively has root on the host, so remote exposure without client-certificate verification is equivalent to exposing 2375. The protocol is standard HTTPS wrapped around the Docker Engine API, using ordinary TLS handshakes and X.509 certificate validation.
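As an added illustration (not from this page or from Docker's own documentation), the two daemon.json fragments below put the weak configuration described above beside the hardened one, with a small audit function that flags the difference. The key names (hosts, tls, tlsverify, tlscacert, tlscert, tlskey) are the real daemon.json options; the certificate paths and the 10.0.5.2 management address are assumptions.

```python
"""Audit a Docker daemon.json for remote-API exposure on port 2376.

Added example. The two configs are constructed for illustration; the paths
and the 10.0.5.2 management address are assumed, the option names are real.
"""
import json
from urllib.parse import urlsplit

# Weak: "tls" only. The daemon presents a server certificate, but any client
# that can reach the port may issue API calls. Also bound to all interfaces.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tls": true,
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Hardened: "tlsverify" (which implies tls) plus the CA used to verify client
# certificates, and the listener bound to a management address only.
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.5.2:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Bind addresses that expose the listener on every interface (urlsplit gives
# None for "tcp://:2376").
WILDCARD_BINDS = {None, "", "0.0.0.0", "::"}


def audit_daemon_config(text: str) -> list:
    """Return a list of findings for a daemon.json document (empty = nothing found)."""
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix socket only: nothing listens on 2376

    for host in tcp_hosts:
        url = urlsplit(host)
        if url.hostname in WILDCARD_BINDS:
            findings.append(f"{host}: bound to all interfaces; bind the management address")
        if url.port == 2375:
            findings.append(f"{host}: conventional plaintext port; use 2376 with tlsverify")

    if cfg.get("tlsverify"):
        # Mutual TLS requested: all three files must be configured.
        for key in ("tlscacert", "tlscert", "tlskey"):
            if not cfg.get(key):
                findings.append(f"tlsverify set but {key} is missing")
    elif cfg.get("tls"):
        findings.append("tls without tlsverify: encrypted but any client may issue commands")
    else:
        findings.append("tcp listener without tls or tlsverify: plaintext, unauthenticated API")
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(doc) or ["ok"])
```

One operational caveat: on distributions whose systemd unit already passes -H to dockerd, setting "hosts" in daemon.json makes the daemon refuse to start because the two sources conflict, so the unit's ExecStart has to be overridden to drop the flag before this configuration is applied.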

Firewall Recommendations

Port 2376 should not be reachable from the public internet. If remote access to the daemon is required, restrict it to a management network or VPN, allow only specific source addresses at the host firewall, and bind the listener to the management interface rather than 0.0.0.0. Run the daemon with --tlsverify, not just --tls, so that client certificates are mandatory, and issue those certificates from a CA you control, keeping the CA key offline; a self-signed server certificate on its own is not a substitute, because it gives clients nothing to verify against and provides no client authentication. Limit which people and hosts hold client certificates, keep the private keys off shared storage, and rotate them when someone leaves: the daemon does not check certificate revocation, so removing a client means reissuing from a new CA or using short-lived certificates. Monitor the daemon logs and the Docker events stream for unexpected container creation or exec calls, consider an IDS or connection logging on the port, and rate-limit new connections to blunt denial-of-service attempts.

Security Information

Exposing port 2376 without client-certificate verification is equivalent to exposing the unauthenticated API on 2375. The Docker Engine API lets a caller create a container with --privileged, mount the host's root filesystem or /var/run/docker.sock into it, and exec commands inside, which yields root on the host, followed by credential theft, data exfiltration and pivoting into the rest of the network. Common weaknesses are a daemon started with --tls but not --tlsverify (encryption without authentication), a CA or client key checked into a repository or copied to many workstations, a listener bound to 0.0.0.0 that was meant for a management interface, and clients invoked with --tls but not --tlsverify, which do not validate the server certificate and can therefore be intercepted by a man-in-the-middle. Attackers scan for the port because a single accepted request is enough to deploy a cryptominer or a backdoored container, and because the daemon runs as root with no authorization layer beyond the TLS handshake unless an authorization plugin has been installed.
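The check an auditor or pentester would run against their own daemons, as an added example that is not part of this page or of Docker's tooling: it connects to the port without a client certificate and sends GET /version. A daemon started with --tlsverify rejects the connection (under TLS 1.2 during the handshake, under TLS 1.3 with an alert on the first request), while a daemon started with --tls alone answers with its version JSON. The sample response is constructed, not captured, and the substring matching on OpenSSL's alert text is an assumption.

```python
"""Probe a Docker daemon on TCP 2376 and report whether it enforces client-cert auth.

Added example, not Docker tooling. Sends an unauthenticated GET /version over
TLS with no client certificate and classifies the daemon's reaction.
"""
import json
import socket
import ssl

OPEN = "open"                                  # API answered without a client cert
CLIENT_CERT_REQUIRED = "client-cert-required"  # daemon enforces --tlsverify
TLS_ERROR = "tls-error"                        # other TLS failure, inspect manually
UNKNOWN = "unknown"

# Constructed sample of what a --tls (no verify) daemon returns; not a capture.
SAMPLE_OPEN_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n"
    b'{"Version":"24.0.7","ApiVersion":"1.43","Os":"linux","Arch":"amd64"}'
)

# Assumed: substrings OpenSSL puts in the error text for the alerts a Go TLS
# server sends when a required client certificate is absent or unverifiable.
CLIENT_AUTH_ALERTS = ("certificate required", "bad certificate", "unknown ca", "handshake failure")


def classify_http_response(raw: bytes) -> str:
    """Classify the daemon's answer to GET /version sent with no client certificate."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    if status == 200:
        try:
            info = json.loads(body)
        except ValueError:
            return UNKNOWN
        if isinstance(info, dict) and "ApiVersion" in info:
            return OPEN
    return UNKNOWN


def classify_tls_error(error) -> str:
    """Map a TLS failure (exception or its message) to a verdict."""
    msg = str(error).lower()
    if any(alert in msg for alert in CLIENT_AUTH_ALERTS):
        return CLIENT_CERT_REQUIRED
    return TLS_ERROR


def probe(host: str, port: int = 2376, timeout: float = 5.0) -> str:
    """Connect without a client certificate and classify what the daemon does."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # testing the server's policy, not its identity
    ctx.verify_mode = ssl.CERT_NONE
    request = f"GET /version HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                # Under TLS 1.3 the certificate_required alert arrives after the
                # handshake, so the send and recv must stay inside this try block.
                tls.sendall(request)
                chunks = []
                while True:
                    chunk = tls.recv(4096)
                    if not chunk:
                        break
                    chunks.append(chunk)
        return classify_http_response(b"".join(chunks))
    except ssl.SSLError as exc:
        return classify_tls_error(exc)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe(target))
```

A verdict of "open" means the daemon is effectively a 2375 listener with encryption; "client-cert-required" is the expected result for a correctly configured host, and anything else should be examined by hand (for example with openssl s_client) rather than taken as safe.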

Known Vulnerabilities

These are vulnerabilities in the runtime components behind the API, not in the TLS listener itself; they matter here because an attacker who already has API access, or a foothold in a container started through it, can chain them into host compromise.

  • CVE-2019-5736 (runC container escape, High): a malicious container, or a malicious image started via the API, can overwrite the host runc binary through /proc/self/exe and run code as root on the host the next time runc is invoked. Fixed in runc 1.0-rc6 and Docker 18.09.2.
  • CVE-2021-41091 (Moby data-directory permissions, Medium): subdirectories under the Docker data directory (typically /var/lib/docker) were created with insufficiently restrictive permissions, letting unprivileged local users on the host traverse them and execute programs from container filesystems, including setuid binaries. Fixed in Docker Engine 20.10.9.
  • CVE-2020-15257 (containerd-shim API exposed to host-network containers, Medium): containers running with host networking could reach the containerd-shim abstract Unix socket and use it to run processes as root on the host. Fixed in containerd 1.3.9 and 1.4.3.

Common Software

  • Docker
  • Docker Desktop
  • Portainer
  • Rancher
  • Kubernetes (for managing Docker)
  • Docker Swarm
  • Buildah
  • Podman
  • Containerd
