discovery enabled by default = security risk?


I just had a weird experience that with a fresh install of syncthing on a new system, all kinds of devices (with random IPs around the world) immediately started asking to pair up. At first I thought “cool, a new feature that gets me back on my own network” and almost clicked them before realizing this made no sense.

Perhaps this is due to “global discovery” being checked? Does this broadcast my ID number? I’m not sure how it works, but I’d suggest it might be safer to not have either discovery checked by default. I kinda don’t want to get spammed or accidentally click the wrong computer while setting up!

Sorry if I’m missing something!

Cheers, Jack

Read the documentation. It’s pretty good :slight_smile:

This is where you’ll find out more about global discovery and it’s purpose.

That should not happen, unless by the probability of being struck by lightning you’ve managed to generate some ID that was part of some larger network, which I highly doubt. Are you sure its not your own devices?

1 Like

The IDs and IPs didn’t match anything on my local network. Note this was on a fresh install of Linux Mint, with a brand-new device ID generated by a new install of syncthing. How would my other devices even know how to find it?

Is you listen address setup on some port that is reused by some service? Can you post config/screenshots?

I’m happy to go digging for any information you ask for, but I currently don’t know quite what you want.

I have ~5 computers at two locations: a few at home behind a LAN and a few at work (all IPs start with 132).

When I saw this, it was installed for the first time on a fresh Linux Mint 18.3, with dropbox and chrome but no other services than the defaults. I have not modified the listening ports or anything in Syncthing, except to put the GUI localhost port to 8080. I may have enabled Mint’s firewall and syncthing with ufw, or I hadn’t enabled Mint’s firewall (don’t remember). I’ve forwarded the default Syncthing ports to this machine on my NAT (Airport Extreme), which is attached to a cable modem at home.

Are there other devices on the lan that could he using syncthing which are not yours?

Nope, just 2 Mints, one Ubuntu, and one OSX. The Mint in question (mac mini) is hardwired to the airport, with no wifi configured.

Also, I was not accurate: the “spam” came when I first started the UI, before I changed the UI port to 8080

Anyways, logs would be interesting. Is it just one device that gets spammed?

It was one device that got spammed by a few (3?) randoms. I clicked ignore, changed the GUI listening port (I realize this is uncorrelated), and haven’t seen any since. Perhaps I actually duplicated an existing ID? I thought that would only happen in the age of the universe, though…

It’s possible to collect strangers’ device IDs by running a public relay server, right?

If so, I can imagine someone offering a relay server just to collect device IDs and then spamming the devices with share requests.

I guess, but it’s also possible to collect them by scan the internet for port 22000 being open.

True, I’m just thinking of scenarios by which the device IDs become public. This thread seems based on the assumption that they were not.


I will reiterate that it was a new install and new ID, so a port 22000 scan seems more likely. Possibly the relay server was used to get my IP address, so they knew where to scan. The one that was spammed is the only one with the port forwarded to it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.