dnswatchdog.iodocs
Issues

Port 2375: Docker

Open Docker API port detected on a publicly accessible host.

Severity: Critical | Port: 2375

What is the Docker API?

Docker is a platform for running applications in containers — lightweight, isolated environments that package an application with everything it needs to run. The Docker daemon exposes a REST API on port 2375 (unencrypted) or 2376 (TLS) that allows remote management of containers, images, and the host system.

Why this is a problem

The Docker API on port 2375 is unauthenticated by default. Anyone who can reach this port has full control over the Docker daemon, which means they can run arbitrary containers, access the host filesystem, and effectively gain root access to the entire machine. This is one of the most critical exposures possible — it is equivalent to giving an attacker full administrative access.

What you should do

  • Close port 2375 immediately — the Docker API should never be exposed to the internet without authentication
  • If remote Docker management is needed, use TLS client certificates on port 2376
  • Better yet, manage Docker through SSH or a container orchestration platform like Kubernetes
  • Audit running containers to check for signs of compromise (cryptominers are a common payload)

Port 1521: Oracle

Open Oracle database port detected on a publicly accessible host.

Port 3306: MySQL

Open MySQL port detected on a publicly accessible host.

On this page

What is the Docker API?Why this is a problemWhat you should do