Syncthing: BEWARE! Syncthing 1.4.2 opens multiple connections to remote servers including a Jitsi videoconference

Created on 16 Apr 2020  路  4Comments  路  Source: syncthing/syncthing

I started noticing strange behavior on my computer and investigating with TCPView on Windows 10 I discovered that when Syncthing starts it connects to dozens of various IPs and maintains an open connection to https://contrib.legoff.be, which is a self-hosted Jitsi videoconferencing installation.

I checked a few of the IPs that it connected to and they were unconfigured web servers.

The version running was 1.4.2 and the exe is signed by Kastelo AB on April 8, 2020.

I would highly caution against using this software until a more thorough security review can be performed. Please check your installations and post your findings.

picture itsbrianburton
👎1

Most helpful comment

It's the new sync-over-videoconference feature.

Seriously though, relays. It's always relays with the unknown IP stuff;

jb@kvin:~ % host contrib.legoff.be
contrib.legoff.be has address 92.222.95.0
contrib.legoff.be has IPv6 address 2001:41d0:401:3100::546
jb@kvin:~ % curl -s https://relays.syncthing.net/endpoint | json_pp | grep 92.222.95.0
         "url" : "relay://92.222.95.0:22067/?id=OCRGPEY-RQEJW5U-ZGOTKVZ-MPHKOJU-65GOPAK-S6GSIA3-3ECM7CS-VDBPLQJ&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=0&statusAddr=:22070&providedBy=@contrib - Strasbourg, FR"
jb@kvin:~ %
picture calmh on 16 Apr 2020
👍4

All 4 comments

It's the new sync-over-videoconference feature.

Seriously though, relays. It's always relays with the unknown IP stuff;

jb@kvin:~ % host contrib.legoff.be
contrib.legoff.be has address 92.222.95.0
contrib.legoff.be has IPv6 address 2001:41d0:401:3100::546
jb@kvin:~ % curl -s https://relays.syncthing.net/endpoint | json_pp | grep 92.222.95.0
         "url" : "relay://92.222.95.0:22067/?id=OCRGPEY-RQEJW5U-ZGOTKVZ-MPHKOJU-65GOPAK-S6GSIA3-3ECM7CS-VDBPLQJ&pingInterval=1m0s&networkTimeout=2m0s&sessionLimitBps=0&globalLimitBps=0&statusAddr=:22070&providedBy=@contrib - Strasbourg, FR"
jb@kvin:~ %
calmh picture calmh on 16 Apr 2020
👍4

Getting an IP for that URL and then checking relays.syncthing.net yields:

92.222.95.0:22067 | 50 | 413 | 20.4 GB | 3.1 MB/s | 3.4 MB/s | 3.2 MB/s | 1.9 MB/s | 1.1 MB/s | 827.5 kB/s | 47 | @contrib - Strasbourg, FR

Do your research before posting please. You are badmouthing both the Syncthing-project and someone graciously hosting both a Syncthing relay and apparently jitsi (not checked) for the community.

imsodin picture imsodin on 16 Apr 2020
👍2

Please, next time ask on the forum instead of creating issues with sensational titles.

It's usually just users lack of understanding, so having sensational titles just make you look bad because you haven't done your homework and jumped to conclusions.

Your conclusion is bad and you should feel bad

AudriusButkevicius picture AudriusButkevicius on 16 Apr 2020
👍2

@calmh Thank you for your polite explanation and I appreciate your work on this project. Seeing an established connection to a server running Jitsi was disconcerting to say the least. For my own peace of mind I'm reviewing the codebase but I apologize for the alarm.

itsbrianburton picture itsbrianburton on 16 Apr 2020
👎1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sgr78 picture sgr78  路  3Comments
calmh picture calmh  路  3Comments
as-com picture as-com  路  3Comments
tomasz1986 picture tomasz1986  路  3Comments
vdaghan picture vdaghan  路  3Comments