I'm doing some experiments on Snort IDS using Docker container technology.
My objective is to test wether snort with the defaults settings can detect DoS and DDoS attacks.
I downloaded T50 multi-protocol packet injector and exectuted it on a container named T50_container.
Snort IDS is running on another container namend snort_container.
The issue is when I run T50 with T50 --flood a.a.a.a (a.a.a.a is the IP address of snort_container) I'm getting this error message :
error setting socket priority: Operation not permitted.
Thank you for providing me helps and insights.
Best regards.
For security reasons a Docker container runs by default with a reduced set of privileges. This prevents containers from doing things like mounting filesystems and modifying their own network configuration.
You can run a container without these restrictions by specifying the
--privilegedflag todocker run: