Ukraine says hackers abuse SyncThing tool to steal data(www.bleepingcomputer.com)

posted 5 months ago

Kid@sh.itjust.worksM

cybersecurity@sh.itjust.works

16 commentshide report

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

Kid@sh.itjust.worksOPM

6 points

5 months ago

Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

permalink

report

parent

[ - ]

slazer2au@lemmy.world

4 points

5 months ago

When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.

permalink

report

parent

[ - ]

Kid@sh.itjust.worksOPM

6 points

5 months ago

Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).

permalink

report

parent

[ - ]

jet@hackertalks.com

5 points

5 months ago

It does. It has hole punching incorporated into the protocol. So as long as it can get to the internet, it can use coordination servers and do double hole punching so that they can talk to each other

permalink

report

parent

[ - ]

Kid@sh.itjust.worksOPM

2 points

5 months ago

Interesting. I didn’t know that syncthing does hole punching.

From a defense perspective, how would this work with an enterprise firewall, with UDP/TCP only allowed to specific destinations or specific sources. Example: only the internal DNS relay server can access 53/UDP and only the internal proxy server can access 80/443. What I mean is in a network with a very closed firewall, how would Syncthing be able to connect with peers?

permalink

report

parent

[ - ]

jet@hackertalks.com

4 points

5 months ago

If the firewall was properly locking down servers to functions then it shouldn’t work. But if it has general Web access sync thing is very resilient

This is the reason people use sync thing and recommend it, it’s really hard to kill

permalink

report

parent

[ - ]

seang96@spgrn.com

3 points

5 months ago

Bestbet would probably be block on an application level. I swapped to bitwarden since syncthing wasn’t liked by the AV on my work pc and I was using it to sync my password db.

permalink

report

parent

Show more comments

Cybersecurity

!cybersecurity@sh.itjust.works

Create post

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We’re all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your “friends” socials you’re just going to get banned so don’t do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

Community stats

1.6K
Monthly active users
1.6K
Posts
3.4K
Comments

Community stats

Community moderators