Malware on connected IP

Hello, I have been forced to remove the software from my computer by our company admin, because it is establishing connections with multiple IPs and some of them are connected with recent malicious activity.

The IP mentioned is 86.125.249.64 (“Tor endpoint”).

What is the real situation?

Relays, which are run by random people on random addresses.

So I just have to route it through my own relay, no public one, right?

Interestingly, that IP isn’t on the (current) list of relays.

It was though, yesterday. (I checked the secret logs.)

root@www:/var/log# grep 86.125.249.64 syslog.1
Jul 28 06:56:31 www strelaypoolsrv: 06:56:31 INFO: Joined relay relay://86.125.249.64:22067
Jul 28 06:56:32 www strelaypoolsrv: 06:56:32 INFO: Disconnected from relay relay://86.125.249.64:22067
...
Jul 28 14:56:45 www strelaypoolsrv: 14:56:45 INFO: Joined relay relay://86.125.249.64:22067
Jul 28 14:56:46 www strelaypoolsrv: 14:56:46 INFO: Disconnected from relay relay://86.125.249.64:22067
root@www:/var/log#
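For anyone who has to answer the same question from their own admin, here is an added example (not from the thread and not syncthing's own code) that pulls the relay join/leave events out of syslog lines in the format quoted above, summarises them per relay IP, and reports which of those IPs are missing from whatever relay list you pass in. The sample lines are constructed for the example: the 86.125.249.64 lines mirror the post, the rest (198.51.100.7, the sshd line) are made up; fetching the live relay list is left to the caller.

```python
"""Relay join/leave events from syslog lines like the ones quoted above.

Added example, not part of the forum thread or of syncthing. The line format
is taken from the grep output in the post; the sample lines are constructed.
"""
import re

SAMPLE_SYSLOG = """\
Jul 28 06:56:31 www strelaypoolsrv: 06:56:31 INFO: Joined relay relay://86.125.249.64:22067
Jul 28 06:56:32 www strelaypoolsrv: 06:56:32 INFO: Disconnected from relay relay://86.125.249.64:22067
Jul 28 07:10:00 www strelaypoolsrv: 07:10:00 INFO: Joined relay relay://198.51.100.7:22067
Jul 28 07:12:00 www strelaypoolsrv: 07:12:00 INFO: Disconnected from relay relay://198.51.100.7:22067
Jul 28 14:56:45 www strelaypoolsrv: 14:56:45 INFO: Joined relay relay://86.125.249.64:22067
Jul 28 14:56:46 www strelaypoolsrv: 14:56:46 INFO: Disconnected from relay relay://86.125.249.64:22067
Jul 28 15:00:00 www sshd[4242]: Accepted publickey for admin from 203.0.113.9 port 51515
"""

# syslog prefix: timestamp, host, program name with optional [pid], then the message
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# relay join/leave lines as printed by strelaypoolsrv in the quoted log
RELAY_RE = re.compile(
    r"(?P<event>Joined relay|Disconnected from relay) relay://(?P<ip>[^:/]+):(?P<port>\d+)"
)


def parse_relay_events(text):
    """Return a list of {ts, ip, port, joined} dicts, in log order."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m or m.group("prog") != "strelaypoolsrv":
            continue
        r = RELAY_RE.search(m.group("msg"))
        if not r:
            continue
        events.append({
            "ts": m.group("ts"),
            "ip": r.group("ip"),
            "port": int(r.group("port")),
            "joined": r.group("event") == "Joined relay",
        })
    return events


def relays_seen(text):
    """Per relay IP: number of joins, first/last timestamp seen, ports used."""
    seen = {}
    for ev in parse_relay_events(text):
        s = seen.setdefault(ev["ip"], {"joins": 0, "first": ev["ts"], "last": ev["ts"], "ports": set()})
        if ev["joined"]:
            s["joins"] += 1
        s["last"] = ev["ts"]  # log lines are assumed to be in chronological order
        s["ports"].add(ev["port"])
    return seen


def relays_absent_from_pool(text, current_pool):
    """IPs the host talked to that are not in the relay list you pass in.

    current_pool is an iterable of (ip, port) pairs. Fetching the live public
    list is left to the caller so this runs offline.
    """
    pool_ips = {ip for ip, _port in current_pool}
    return set(relays_seen(text)) - pool_ips


if __name__ == "__main__":
    # constructed "current" pool that no longer lists 86.125.249.64
    pool = [("198.51.100.7", 22067)]
    for ip, s in relays_seen(SAMPLE_SYSLOG).items():
        print(f"{ip}: {s['joins']} joins, first {s['first']}, last {s['last']}, ports {sorted(s['ports'])}")
    print("seen but not in current pool:", sorted(relays_absent_from_pool(SAMPLE_SYSLOG, pool)))
```

Run it against `syslog` and `syslog.1` together and you get the same answer the log grep above gives, plus the per-IP timeline an admin will ask for; an IP that shows up here but not in the current relay list is exactly the situation in this thread (a relay that was in the pool for a while and then left), not a sign the IP was doing anything other than relaying.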

Yes, configure syncthing to use your own relay(s), or turn off relaying entirely if you can live with that. Afterwards, syncthing will only connect to your devices and services hosted by syncthing (discovery etc).
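As an added example of what that advice looks like in config.xml (my code, not syncthing's), the function below rewrites the `<options>` section so the public relay pool is never used: with no relays given it sets `relaysEnabled` to false, with your own `relay://` URLs it keeps relaying on but lists only those. It assumes the element names `listenAddress` and `relaysEnabled`, and that the listen address `default` expands to direct tcp/quic listeners plus the public pool `dynamic+https://relays.syncthing.net/endpoint` (which is why `default` has to go, not just the relay flag). The sample config is constructed, and `relay.example.org` with its `id=` value is a placeholder for a relay you run yourself.

```python
"""Rewrite config.xml so syncthing never uses the public relay pool.

Added example, not syncthing's own code. Assumed: <options> element names,
and that listenAddress "default" includes the public pool.
"""
import xml.etree.ElementTree as ET

# constructed sample of the relevant part of a default config.xml
SAMPLE_CONFIG = """<configuration version="37">
    <options>
        <listenAddress>default</listenAddress>
        <globalAnnounceServer>default</globalAnnounceServer>
        <globalAnnounceEnabled>true</globalAnnounceEnabled>
        <relaysEnabled>true</relaysEnabled>
        <relayReconnectIntervalM>10</relayReconnectIntervalM>
    </options>
</configuration>
"""

# the non-relay part of what "default" provides (assumption, see lead-in)
DIRECT_LISTENERS = ["tcp://0.0.0.0:22000", "quic://0.0.0.0:22000"]


def _options(root):
    opts = root.find("options")
    if opts is None:
        raise ValueError("config has no <options> element")
    return opts


def listen_addresses(xml_text):
    return [(e.text or "").strip() for e in _options(ET.fromstring(xml_text)).findall("listenAddress")]


def relays_enabled(xml_text):
    e = _options(ET.fromstring(xml_text)).find("relaysEnabled")
    return e is not None and (e.text or "").strip() == "true"


def restrict_relays(xml_text, own_relays=()):
    """Return config XML that only ever relays through own_relays.

    own_relays: relay:// URLs of relays you operate. Empty means relaying is
    switched off entirely; otherwise relaying stays on, limited to those.
    """
    root = ET.fromstring(xml_text)
    opts = _options(root)
    entries = opts.findall("listenAddress")
    pos = list(opts).index(entries[0]) if entries else 0

    keep = []
    for e in entries:
        addr = (e.text or "").strip()
        opts.remove(e)
        # "default" silently includes the public pool; explicit relay:// and
        # dynamic+ entries are relays too, so none of these survive
        if addr == "default" or addr.startswith(("relay://", "dynamic+")):
            continue
        if addr:
            keep.append(addr)
    if not keep:
        keep = list(DIRECT_LISTENERS)  # never leave the node with no listener at all
    keep.extend(own_relays)

    for i, addr in enumerate(keep):
        el = ET.Element("listenAddress")
        el.text = addr
        opts.insert(pos + i, el)

    rel = opts.find("relaysEnabled")
    if rel is None:
        rel = ET.SubElement(opts, "relaysEnabled")
    rel.text = "true" if own_relays else "false"

    ET.indent(root, space="    ")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(restrict_relays(SAMPLE_CONFIG))  # relaying off
    print(restrict_relays(SAMPLE_CONFIG, ["relay://relay.example.org:22067/?id=RELAY-DEVICE-ID"]))
```

Stop syncthing before writing the file back and start it again afterwards, or make the same two changes in the GUI (Settings > Connections: the listen addresses and the relaying checkbox). Discovery is deliberately left alone here, matching the reply above: after the change the node still talks to syncthing's discovery servers, just not to random relays.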