Security of private IPs

[mattpass]

Thanks for the excellent work on this - I'm just trying to understand it all and have a question.

I'm looking to use this with v86 and during testing a friend and I were able to run ifconfig, get the private IP (10.5.x.x) and then ping each others to confirm we could see the IP is used. It would be possible then to script something to enumerate through IP addresses and discover which are being used.

My question is - does this pose any security issues? Is there the possibility to meddle with other peoples comms, perhaps accessing whatever is running under that IP, etc.

Trying to understand any security implications here, or actually if this is locked down.

[benjamincburns]

There's nothing built-in that locks it down. All devices are on the same virtual LAN, connected to the same virtual switch. Think of it like a bunch of physical devices all on the same subnet and switch.

If you'd like to limit communication between devices, your options for doing so are analogous to the scenario above. The easiest option would be to run a firewall on your connected VMs to prevent them from accepting connections to ports other than those you've explicitly exposed. You could also look into running a separate subnet for each host, but you'd likely need a more complex setup than what I have in the docker image in order to make it scalable. Finally, if you want to enable something more custom, you can modify websockproxy to implement some firewalling behaviour at the switch level, to prevent certain types of packets from routing between hosts. This would of course be the most difficult option.