DoS warning about binding to 0.0.0.0 is superfluous and confusing in containerized environments #7488
Labels
bug
Something isn't working
Comments
|
There was another issue mentioning this warning from the opentelemetry helm chart that was addressed by @TylerHelmuth. Would a similar solution work in your case? |
|
Thanks, we will consider applying a similar solution. |
|
Closing as Won't Fix. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The warning displayed when binding the collector ports to 0.0.0.0 is superfluous and confusing when operating in Docker environments. I would like this warning to be removed.
See https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks
See signalfx/splunk-otel-collector-chart#673 (reply in thread) for original discussion.
Steps to reproduce
When the collector binds ports to 0.0.0.0, it displays warnings that inform the user that 0.0.0.0 is open to any network interface and may be a problem for DoS attacks. This is confusing as we must use this network interface for containerized environments, and this creates security alerts.
What did you expect to see?
I do not expect to see a particular warning.
What did you see instead?
Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks {"kind": "receiver", "name": "otlp", "pipeline": "logs", "documentation": "https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks"}The text was updated successfully, but these errors were encountered: