I just had a weird experience that with a fresh install of syncthing on a new system, all kinds of devices (with random IPs around the world) immediately started asking to pair up. At first I thought “cool, a new feature that gets me back on my own network” and almost clicked them before realizing this made no sense.
Perhaps this is due to “global discovery” being checked? Does this broadcast my ID number? I’m not sure how it works, but I’d suggest it might be safer to not have either discovery checked by default. I kinda don’t want to get spammed or accidentally click the wrong computer while setting up!
That should not happen, unless by the probability of being struck by lightning you’ve managed to generate some ID that was part of some larger network, which I highly doubt. Are you sure its not your own devices?
The IDs and IPs didn’t match anything on my local network. Note this was on a fresh install of Linux Mint, with a brand-new device ID generated by a new install of syncthing. How would my other devices even know how to find it?
I’m happy to go digging for any information you ask for, but I currently don’t know quite what you want.
I have ~5 computers at two locations: a few at home behind a LAN and a few at work (all IPs start with 132).
When I saw this, it was installed for the first time on a fresh Linux Mint 18.3, with dropbox and chrome but no other services than the defaults. I have not modified the listening ports or anything in Syncthing, except to put the GUI localhost port to 8080. I may have enabled Mint’s firewall and syncthing with ufw, or I hadn’t enabled Mint’s firewall (don’t remember). I’ve forwarded the default Syncthing ports to this machine on my NAT (Airport Extreme), which is attached to a cable modem at home.
It was one device that got spammed by a few (3?) randoms. I clicked ignore, changed the GUI listening port (I realize this is uncorrelated), and haven’t seen any since. Perhaps I actually duplicated an existing ID? I thought that would only happen in the age of the universe, though…
I will reiterate that it was a new install and new ID, so a port 22000 scan seems more likely. Possibly the relay server was used to get my IP address, so they knew where to scan. The one that was spammed is the only one with the port forwarded to it.