Hacker News

Root_Denied, yesterday at 10:58 PM (2 replies)

My understanding is that docker will expose the ports to the host machine's network interfaces, which is a crucial difference. For my home server running docker that means exposed to the LAN, but not the WAN unless I add in a port forwarding rule on my router. Similarly in an enterprise environment you would be exposing the port on whatever VLAN the host is connected to, which hopefully doesn't have direct transit to the open internet.

Anything you're running on the perimeter with open access to the internet in an enterprise environment probably (hopefully) isn't running docker containers without some additional config and protections.


Replies

eximius, today at 1:07 AM

If you ever suddenly get IPv6, it may become globally routable without you realizing.


itintheory, today at 12:35 AM

I was thinking along similar lines to what you've suggested here, but then I considered how many VPS might be configured by folks following some random web tutorial, to set up their LAMP stack (or whatever), that end up doing something like what was described.

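An added example, not part of any comment in this thread: a small audit that reads a container listing and reports which published ports are bound to every host interface (IPv4 and IPv6) rather than to loopback or one address. It assumes the `Ports` column format printed by `docker ps`; the sample listing is constructed.

```python
import ipaddress
import re

# Constructed sample in the shape of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE = (
    "web\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "cache\t6379/tcp\n"
    "metrics\t192.168.1.10:9100->9100/tcp, :::9101->9101/tcp\n"
)

# host address : host port (or range) -> container port (or range) / protocol
PUBLISHED = re.compile(
    r"^(?P<host>.+):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$"
)


def classify(host):
    """Return how far a published port's host bind address reaches."""
    addr = ipaddress.ip_address(host.strip("[]"))
    if addr.is_unspecified:      # 0.0.0.0 or :: means every host interface
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.1 or ::1 stays on the host itself
        return "loopback"
    return "single-interface"


def audit(listing):
    """Yield (container, host, host_port, proto, scope) per published port."""
    for line in listing.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = PUBLISHED.match(entry)
            if m is None:        # e.g. "6379/tcp": exposed only, not published
                continue
            yield (name, m["host"], m["hport"], m["proto"], classify(m["host"]))


def wide_open(listing):
    """Published ports reachable on every interface, IPv6 included."""
    return [f for f in audit(listing) if f[4] == "all-interfaces"]


if __name__ == "__main__":
    for name, host, port, proto, scope in audit(SAMPLE):
        print(f"{name:8} {host}:{port}/{proto:4} {scope}")
```

Whether an "all-interfaces" binding is reachable from outside still depends on the network in front of the host, which is the point the comments above are debating.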