Port 2375 (TCP) is the standard for Docker daemon (unsecured). Port 2375 — Docker daemon REST API without TLS. 2376 — with TLS. Exposed 2375 on the public internet = instant full host compromise: attacker spins up a privileged container, m
Below: what uses this port, security considerations, online check, FAQ.
Free online tool — ping & port checker: instant results, no signup.
Docker daemon (unsecured)
Port 2375 — Docker daemon REST API without TLS. 2376 — with TLS. Exposed 2375 on the public internet = instant full host compromise: attacker spins up a privileged container, mounts / and owns root on the host. Shodan finds thousands of such servers.
CRITICAL: never expose 2375 publicly. Known crypto-mining botnets scan 2375 24/7. Use 2376 + TLS + client cert auth, or Unix socket /var/run/docker.sock locally.
Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).
Port 2375 is the default port for the Docker daemon when it is configured to communicate over TCP without encryption. This configuration exposes the Docker API to the public internet, allowing anyone who can access this port to send commands directly to the Docker daemon. The risks associated with this exposure are severe, as an attacker can manipulate the Docker environment, potentially leading to a full host compromise.
When the Docker daemon is accessible on port 2375, it lacks authentication and encryption, making it an easy target for malicious actors. They can execute commands such as:
docker run -it --privileged — This command allows an attacker to run a container with elevated privileges, enabling them to access the host system.docker exec -it /bin/bash — This command can give an attacker a shell inside a running container, facilitating further exploitation.docker rm -f $(docker ps -aq) — An attacker can remove all containers, leading to data loss or service disruption.Given these risks, it is essential to secure the Docker daemon by using port 2376, which offers TLS encryption, or by implementing network security measures such as firewalls and VPNs to restrict access.
Securing the Docker daemon and preventing unauthorized access to port 2375 is crucial for maintaining the integrity of your systems. Here are several strategies to enhance security:
dockerd --tlsverify --tlscacert=ca.pem --tlscert=server-cert.pem --tlskey=server-key.pem -H=0.0.0.0:2376iptables -A INPUT -p tcp --dport 2375 -s -j ACCEPT Implementing these measures will significantly reduce the risk of unauthorized access and protect your Docker environment from potential attacks.
Monitoring port 2375 is essential for detecting unauthorized access and maintaining the security of your Docker environment. Here are some effective tools and techniques for monitoring this port:
Wireshark or tcpdump to capture and analyze traffic on port 2375. This can help identify suspicious activity:tcpdump -i any port 2375Snort or Suricata to detect and alert on unusual traffic patterns targeting port 2375.dockerd --log-level=infoBy implementing these monitoring techniques, you can gain better visibility into your Docker environment, quickly identify potential threats, and take timely action to mitigate risks.
No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 2375 in a Security Group or firewall.
Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 2375</code>.
Depends on the service. Docker daemon (unsecured) should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.