Malware on connected IP

Hello, I have been forced to remove the software from my computer by our company admin, because it is establishing connections with multiple IPs and some of them are connected with recent malicious activity.

IP mentioned is “Tor endpoint”.

What is the real situation?

Relays, which are run by random people on random addresses.

SO I just have to route it through my own relay, no public one, right?

Interestingly, that IP isn’t on the (current) list of relays.

It was though, yesterday. (I checked the secret logs.)

root@www:/var/log# grep syslog.1
Jul 28 06:56:31 www strelaypoolsrv: 06:56:31 INFO: Joined relay relay://
Jul 28 06:56:32 www strelaypoolsrv: 06:56:32 INFO: Disconnected from relay relay://
Jul 28 14:56:45 www strelaypoolsrv: 14:56:45 INFO: Joined relay relay://
Jul 28 14:56:46 www strelaypoolsrv: 14:56:46 INFO: Disconnected from relay relay://

Yes, configure syncthing to use your own relay(s), or turn of relaying entirely if you can live with that. Afterwards, syncthing will only connect to your devices and services hosted by syncthing (discovery etc).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.