Connections to devices that are not mine

FreeBSD_Lover · November 11, 2019, 12:16pm

So using “netstat” commands I noticed an ESTABLISHED connection to my Syncthing server. The IP address is a machine on the Internet is not mine. Syncthing had been running for days, but I just noticed this connection. So why would I see a established connection to my Syncthing for a machine that has nothing to do with me.

tcp4 0 0 192.168.10.10.29874 x.x.x.x.22067 ESTABLISHED

When I shutdown Syncthing it was immediately gone. When I restarted Syncthing I saw a boatload of connections to all sort of machines on the Internet. Why? And when I say why what I really mean I guess is why is mine and these machines ‘contacting’ each other when these machines have nothing to do with one another. Shouldn’t the discovery process only cause my machine to contact other machines for which there is a valid syncing instance define?

$ netstat -S
Active Internet connections
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.168.10.10.52216   5.44.44.149.22067      SYN_SENT
tcp4       0      0 192.168.10.10.52215   45.30.95.62.22067      FIN_WAIT_2
tcp4       0      0 192.168.10.10.52214   194.26.175.24.58368    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52213   64.228.3.113.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52212   93.92.204.228.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52211   81.7.16.188.22067      FIN_WAIT_2
tcp4       0      0 192.168.10.10.52210   164.132.151.235.22067  FIN_WAIT_2
tcp4       0      0 192.168.10.10.52209   146.185.78.43.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52208   213.183.53.178.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52207   109.230.199.119.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52206   88.190.49.73.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52205   194.87.109.249.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52204   128.173.88.78.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52203   51.38.114.196.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52202   77.55.210.110.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52201   159.69.201.90.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52200   108.56.199.251.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52199   213.148.214.22.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52198   5.9.16.38.22067        FIN_WAIT_2
tcp4       0      0 192.168.10.10.52197   46.23.92.148.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52196   70.44.221.142.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52195   212.47.253.154.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52194   23.94.46.24.22067      FIN_WAIT_2
tcp4       0      0 192.168.10.10.52193   67.213.141.6.10922     TIME_WAIT
tcp4       0      0 192.168.10.10.52192   92.202.22.130.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52191   72.23.147.207.34074    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52190   104.193.225.93.https   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52189   93.180.156.234.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52188   139.162.117.43.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52187   46.105.55.153.53603    TIME_WAIT
tcp4       0      0 192.168.10.10.52186   94.222.185.152.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52185   195.201.9.37.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52184   47.94.220.232.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52183   163.172.181.231.22067  FIN_WAIT_2
tcp4       0      0 192.168.10.10.52182   37.122.210.202.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52181   104.245.38.195.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52180   213.148.212.114.https  FIN_WAIT_2
tcp4       0      0 192.168.10.10.52179   94.16.114.88.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52178   51.154.12.240.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52177   90.112.54.163.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52176   220.135.237.201.38707  TIME_WAIT
tcp4       0      0 192.168.10.10.52175   209.141.60.170.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52174   185.251.39.48.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52173   167.86.85.229.https    TIME_WAIT
tcp4       0      0 192.168.10.10.52172   148.251.237.21.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52171   192.99.59.139.https    TIME_WAIT
tcp4       0      0 192.168.10.10.52170   157.230.224.44.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52169   31.220.7.158.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52168   103.1.186.157.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52167   147.253.74.150.40803   TIME_WAIT
tcp4       0      0 192.168.10.10.52166   185.58.194.48.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52165   88.99.86.72.22067      TIME_WAIT
tcp4       0      0 192.168.10.10.52164   79.137.32.223.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52163   10.128.128.102.22000   ESTABLISHED
tcp4       0      0 192.168.10.10.52162   47.222.103.234.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52161   104.131.145.187.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52160   5.28.62.176.22067      TIME_WAIT
tcp4       0      0 192.168.10.10.52159   94.198.98.21.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52158   10.128.128.173.22000   ESTABLISHED
tcp4       0      0 192.168.10.10.52157   149.202.52.153.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52156   45.83.151.156.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52155   82.34.44.237.55553     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52154   150.249.0.147.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52153   116.202.11.126.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52152   76.72.171.41.22067     ESTABLISHED
tcp4       0      0 192.168.10.10.52151   128.199.52.39.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52150   217.25.228.203.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52149   206.190.135.76.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52147   158.69.220.91.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52146   62.210.140.119.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52145   51.15.241.123.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52144   194.59.206.11.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52143   162.246.157.114.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52142   178.238.227.132.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52141   195.182.4.237.https    TIME_WAIT
tcp4       0      0 192.168.10.10.52140   59.72.154.20.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52139   95.232.57.22.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52138   198.100.147.150.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52137   94.66.226.6.22067      FIN_WAIT_2
tcp4       0      0 192.168.10.10.52136   94.26.59.27.22067      FIN_WAIT_2
tcp4       0      0 192.168.10.10.52134   185.159.248.35.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52133   185.181.160.45.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52132   141.14.27.100.https    TIME_WAIT
tcp4       0      0 192.168.10.10.52131   78.83.16.225.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52130   136.243.66.99.22067    FIN_WAIT_2
tcp4       0      0 192.168.10.10.52129   83.240.5.132.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52128   118.167.15.75.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52127   160.119.250.33.https   TIME_WAIT
tcp4       0      0 192.168.10.10.52126   94.16.122.162.https    TIME_WAIT
tcp4       0      0 192.168.10.10.52125   184.105.151.164.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52124   212.51.136.75.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52123   212.51.129.49.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52122   195.201.94.137.https   TIME_WAIT
tcp4       0      0 192.168.10.10.52121   199.195.251.28.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52120   95.103.188.229.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52119   64.86.134.22.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52118   199.181.238.100.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52117   132.145.49.47.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52116   45.32.190.137.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52115   96.231.199.101.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52114   140.121.80.170.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52113   164.15.134.217.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52112   193.239.58.220.https   TIME_WAIT
tcp4       0      0 192.168.10.10.52111   195.201.118.83.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52110   51.15.105.255.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52109   91.121.50.14.52419     TIME_WAIT
tcp4       0      0 192.168.10.10.52108   47.95.224.92.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52107   213.108.105.162.22067  TIME_WAIT
tcp4       0      0 192.168.10.10.52106   78.46.177.74.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52105   92.62.63.75.22067      TIME_WAIT
tcp4       0      0 192.168.10.10.52104   188.68.32.45.22067     FIN_WAIT_2
tcp4       0      0 192.168.10.10.52103   212.12.25.30.27040     TIME_WAIT
tcp4       0      0 192.168.10.10.52102   178.32.51.52.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52101   158.58.170.183.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52100   185.67.190.92.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52099   185.222.202.32.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52098   79.136.5.160.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52097   45.33.68.78.22067      TIME_WAIT
tcp4       0      0 192.168.10.10.52096   221.118.74.152.22067   FIN_WAIT_2
tcp4       0      0 192.168.10.10.52095   88.99.163.110.50332    TIME_WAIT
tcp4       0      0 192.168.10.10.52094   85.143.216.244.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52093   142.93.102.4.22067     TIME_WAIT
tcp4       0      0 192.168.10.10.52092   104.218.63.101.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52091   220.133.98.227.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52090   185.207.107.69.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52089   209.141.59.16.22067    TIME_WAIT
tcp4       0      0 192.168.10.10.52088   167.86.107.184.22067   TIME_WAIT
tcp4       0      0 192.168.10.10.52087   107.170.56.60.https    TIME_WAIT

calmh · November 11, 2019, 12:29pm

Relays.

FreeBSD_Lover · November 11, 2019, 12:34pm

So a law firm in the USA that I’m guessing uses Syncthing is a relay for my machine? And that is why I see the ESTABLISHED connection?

And you are saying ALL those addresses are relays?

calmh · November 11, 2019, 12:36pm

https://relays.syncthing.net/

FreeBSD_Lover · November 11, 2019, 12:37pm

See my previous post. Can you directly answer those questions please?

calmh · November 11, 2019, 12:38pm

You can see the relays yourself in the list above and correlate. Port 22067 is the default relay port.

FreeBSD_Lover · November 11, 2019, 12:40pm

Yes I am looking. I find it odd that a law firm would be a relay. So if I contact them and tell them what I found, you would not be surprised of their answers?

calmh · November 11, 2019, 12:45pm

I have no idea why you think I would have an opinion on what some law firm somewhere would say. IANAL. But I expect someone there would be unsurprised.

FreeBSD_Lover · November 11, 2019, 12:52pm

Sorry don’t know what IANAL means. So let me ask this question then; So syncthing nodes are not by default relaying nodes, correct? In other words my server is not a relay node because (a) I did not do specific configuring to make it so and (b) if it was I would see a boatload of incoming connections? Correct?

So back to that law firm, and other machines I now see with an ESTABLISHED connection, someone there must have purposely configured relaying?

Sorry when I see established connections to my server, and the IP address / domain name I don’t recognize I like to ask specific questions to ensure I understand exactly what is going on. I expected to see something like ‘syncthing’ embedded in the fqdn associated with the IP address, not a law firm.

calmh · November 11, 2019, 12:55pm

Syncthing clients are not relays, no.

https://docs.syncthing.net/users/relaying.html

FreeBSD_Lover · November 11, 2019, 12:58pm

Thank you. All seems good.

Nummer378 · November 11, 2019, 2:59pm

Just in case this wasn’t already clear (until now):

Syncthing clients connect to a number of relays in the public relay pool by default, even if no relay connection is currently active.

Any individual or organisation can host a relay server and add it to the public relay pool. Relay servers are separate applications (just like discovery servers).

Syncthing can be configured to not connect to any relay servers (relaying disabled) or to connect only to a number of specified relays. By default the whole public pool is used.

FreeBSD_Lover · November 11, 2019, 3:33pm

Sorry, yes I knew syncthing uses relays, but I did not know it was based on a public pool, and that any individual or organization could contribute to that public pool.

I still have to determine why, when all my machines are on the same LAN why it would have a “ESTABLISHED” connection to one of these public relay server, long after syncthing was started up.

Nummer378 · November 11, 2019, 3:49pm

AFAIK syncthing always keeps at least one relay connection alive at all times, in case it’s needed later on.

system · December 11, 2019, 3:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.