Hey, so, I’m not sure if this is the best place to report this, but it’s what I found.
This morning Fortinet’s antimalware client quarantined my system because it detected Syncthing’s traffic to 193.142.59.7.
The best info I could find on that IP was from abuseipdb dot com with some old reports, and Fortinet’s fortiguard dot com site saying they have “Indicators of compromise” for it. Of course nothing about what those indicators are…
I’m not sure if Fortinet is just seeing things, or if there might actually be something bad on that relay.
If the owner can confirm the server is fine, Fortiguard has a “Classification Dispute Form” they can use to try and get the IP cleared.
Anyway, hopefully this gets seen by the right people.
Screw Fortinet. They blindly assume that Syncthing is evil because it is peer-to-peer. Best find another network to operate on…
I am affected by that same stupid policy, however not as far as getting my device “quarantined”. It just blocks traffic related to Syncthing, even this forum.
Regarding that relay server, it’s probably running something else like a Tor exit node in parallel. That’s a regular cause for IP addresses getting flagged. Which is a stupid way of identifying bad actors in itself.
There may well be, but these servers are not run by “us”, and even if it is involved in something malicious this has no real bearing on the safety of the connection from a Syncthing point of view.
Yep. I just figured posting here might have a slim chance of getting the owner of the relay’s attention.
I also wondered if there might be a way to kick a server out of the list. I’d rather not have the hassle of Forticlient messing with my system next time my Syncthing decides to use it as a relay. But sounds like that isn’t something available or wanted.
So, is there a way to blacklist a relay server on my end? I’m not seeing anything jumping out at me in the settings… Maybe a local firewall rule will do the trick…