PC open to the world

The network administrators of the University where I am working want me to stop using Syncthing for my file synchronizing. They write to me that my computer is open to the world and anyone can connect to my computer (the University network, respectively) via ports opened for Syncthing on my laptop. I believe the bold highlighted rows (ports 8384 and 22000) are related to Syncthing. Any other?

```
user@machine:~$ netstat -an | grep LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:29754         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8384          0.0.0.0:*               LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::22000                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
```

May I change the settings of my Syncthing installation somehow to make the University network administrators satisfied?

I have found several threads but it did not help me very much. Certainly my low IT network knowledge.

University network administrator message: “You’ll want to shut down syncthing, as it requires you to have a couple of open ports to the world. Syncthing has a couple of recent vulnerabilities, check the CVEs (cvedetails is down at the moment).”

Please any idea?

Kind regards, Rene

There’s one CVE I am aware of regarding Syncthing and it has been fixed for ages (it probably was filed due to/after the fix): https://nvd.nist.gov/vuln/detail/CVE-2017-1000420

You can talk and try to reason with the admin, but given this pretty weird and incorrect statement (you neither have to open a couple of ports to the internet, nor does it have a couple of recent vulnerabilities) reasons may not help with that person.


There was one CVE on Go as well that affected us, although it didn’t have security impact, just the potential to cause high CPU.

As imsodin says you do not have to have any ports open to the world. Generally you should have port 22000 open - which is safe, encrypted and certificate authenticated - but you don’t have to as long as you can connect in the other direction instead. The GUI port 8384 should generally not be open to the world and is not, by default.
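As an added example (not part of the original posts), this Python script parses the `netstat -an` listing from the question and separates loopback-only listeners, such as the GUI on 127.0.0.1:8384, from those bound to every interface, such as the sync port 22000. The sample text is retyped from the listing above, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: the listening sockets from the question, one per line.
SAMPLE = """\
tcp   0  0 0.0.0.0:139      0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.53:53    0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:631    0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:29754  0.0.0.0:*  LISTEN
tcp   0  0 0.0.0.0:445      0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:8384   0.0.0.0:*  LISTEN
tcp6  0  0 :::139           :::*       LISTEN
tcp6  0  0 :::22000         :::*       LISTEN
tcp6  0  0 :::80            :::*       LISTEN
tcp6  0  0 ::1:631          :::*       LISTEN
tcp6  0  0 :::445           :::*       LISTEN
"""

def exposure(host):
    """Classify a bind address by who can reach it (before any firewall)."""
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:          # 127.0.0.0/8 or ::1
        return "local-only"
    if addr.is_unspecified:       # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "single-interface"

def parse_listeners(text):
    """Yield (host, port) for each TCP LISTEN row of `netstat -an` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[-1] != "LISTEN" or not fields[0].startswith("tcp"):
            continue
        host, _, port = fields[3].rpartition(":")  # last colon separates the port
        yield host, int(port)

def ports_by_exposure(text):
    """Map exposure class -> sorted ports; a port counts as exposed if any
    of its listeners is bound to a non-loopback address."""
    seen = {}
    for host, port in parse_listeners(text):
        kind = exposure(host)
        if seen.get(port, "local-only") == "local-only":
            seen[port] = kind
    result = {}
    for port, kind in sorted(seen.items()):
        result.setdefault(kind, []).append(port)
    return result

if __name__ == "__main__":
    for kind, ports in ports_by_exposure(SAMPLE).items():
        print(f"{kind}: {ports}")
```

A listener in the all-interfaces group is reachable from other hosts only as far as host and network firewalls allow, so this output is a starting point for a conversation with the network administrators rather than proof of exposure.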
