Docker Layer 2 ICC Bug
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
Docker Layer 2 ICC Bug
A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.
Docker Layer 2 ICC Bug Description
Docker Layer 2 ICC Bug refers to a security vulnerability in Docker's inter-container communication (ICC) implementation. When Docker containers are created, they are automatically connected to a bridge network that enables communication between containers. The vulnerability occurs when administrators attempt to disable ICC for security purposes. Despite disabling ICC through Docker's configuration, the underlying network implementation still allows raw ethernet frames to pass between containers at Layer 2 of the network stack. This bypass mechanism enables containers to establish unexpected data transfer channels using raw sockets, effectively circumventing the intended security restriction. The bug demonstrates that Docker's ICC disable feature does not provide complete network isolation between containers as expected. Security implications include potential data exfiltration, lateral movement between containers, and unauthorized communication channels that may not be detected by standard network monitoring tools focused on higher-layer protocols.
Docker Layer 2 ICC Bug FAQ
Common questions about Docker Layer 2 ICC Bug including features, pricing, alternatives, and user reviews.
Docker Layer 2 ICC Bug is A Docker security vulnerability where disabling inter-container communication (ICC) fails to block raw ethernet frames, allowing unexpected data transfer between containers via raw sockets.. It is a Cloud Security solution designed to help security teams with Vulnerability, Misconfiguration.
