Rogue introducing

#1

First, I would like to apologize if this is off topic or answered somewhere else in the forum. I searched but did not find anything already discussed on this topic.

Our SyncThing “network”: 120 PCs (devices) and 130 individual “shares” (folders). We have been using it since September of 2015. It is big, but works well for us. I am not sure if this is a big system compared to others.

The issue: We have a rogue “Introducing” going on. Essentially, many computers (devices) are receiving requests to connect. However, neither computer on either end (not the sender, nor the receiver) seem to be broadcasting the request.

We do not use the “introducer” feature (unless someone accidentally started the feature unknowingly). We have looked at many of the devices and none seem to have the feature checkmarked. Also, the way things are introducing, it seems that it would have to be the “hub” of our network since it “knows” everyone. (Generally speaking our syncthing network is a hub-and-spoke where many of the shares talk to a single server). I can clearly see that the “hub” is not an set as an introducer.

I can see from the scrolling log (the command window) that I am getting constant requests to connect, but I have 43 computers (devices) “ignored”. The web interface would show them if I did not have them ignored. However, if I go to one of the devices that is requesting, there seems to be no activity that the request is coming from that PC.

  1. Is there a way to discover where the requests are originating from?
  2. Is there a way to globally turn off “introducer” since we do not use the feature?

Thank you!

Manual intervention for Introducer feature
(Audrius Butkevicius) #3

This is not introducing, this is simply connection attempts. I’d check the device IDs and IP addresses where they are coming from and follow that trail.

#4

Audrius, I agree with you. There is nothing to indicate that the “introducer” feature was turned on.

I do have the list of ID codes for each request. I have confirmed each one on both sides. In the web interface, there is no “requesting” going on that I can see. Neither device is listed either web GUI. Is there a way to look at the config.xml file to see a list of “open requests”?

Regarding the IP address. The problem is that the I can confirm the device with the ID code, but the IP addresses shown in scrolling log (command window) are NOT real addresses. They seem to be relay addresses? Is that possible? So it doesn’t really point to the actual device.

an example:

Connection from Y4W2EBR-DYBFTBA-JD3I2T4-(ID trimmed by me) at 166.170.55.99:48416 (tcp-server) rejected: device is ignored

This device is a real device on our network, but neither PC on either end are requesting connection from the other (according to the GUI). The IP address shown is not the address at that location, but rather some sort of proxy in between. So tracking it using IP address is not very helpful. Right now I am ignoring 43 Devices, but each one I check, is a real device on our network. None of them show that they are requesting connection between each other on either GUI. We are seeing this across the network.

Thanks again for any insight you can provide!

(Jakob Borg) #5

Maybe post configs from both sides? It sounds odd that there would be a connection between them, relay or not, if neither side knows about the other.

#6

Jakob, I’m a “computer guy” but have never posted on this forum before. I think you are asking me to post the .xml files? Wouldn’t that compromise our network by giving all the IDs? Can I private message it, instead? Does this forum have that? Thanks!

(Jakob Borg) #7

The XML files, yes. You can redact the last couple of character groups in each ID you like. I don’t take support PMs, but maybe someone else does.

#8

I understand about the PM. I did as suggested and took off the last three groups of identifiers.

Thanks again!!!

You can see the this is only 2 devices config files. “Me” and “Remote” You can see that the remote has pending invitations and one is from “Me” even though I never requested the connection. I did not choose “ignore” so that I could troubleshoot it further.

Here’s the files:

config - ME - VZPJ4BD - Edit.xml (17.0 KB)

config - REMOTE - ZEIA7UH - Edit.xml (5.9 KB)

#9

As I reviewed the XML file, I see that the remote PC has “pendingDevice” and my PC is listed even though I am sure I did not do a request (and do not have a current request).

Is it possible that someone turned ON introducer and the requests went out. Then they turned introducer off, but the requests stayed “pending”? (Are they "sticky?) Just an idea.

Also, I am continually being requested by that whole “ignore” group in my config file. I am rejecting them, but I am sure this is all a single cause from a single event. It started about the same time everywhere.

Thanks for the help today!

(Audrius Butkevicius) #10

So the addresses where these connections are coming from are not yours, but the IDs are yours?

#11

All of the devices are out on cell networks. So I am assuming those addresses are NAT or proxy addresses as they access the internet. That is what I mean when I say “not our addresses”. This is not the IP address that shows up on the PC itself. Does that make sense?

#12

Yes, the IDs are all a match for our devices.

(Audrius Butkevicius) #13

And if you check one of those devices, is the device id of the device you are seeing the connections on have that device added?

If yes, then thats the cause. How it got to that state, I have no idea.

#14

No. That’s the mystery. Neither device is listed on each other’s list. I have attached the config files showing 1 example. See above.

(Jakob Borg) #15

I have no idea.

(Audrius Butkevicius) #16

In the configs you posted, there is definitely a case where a device is added on one side but ignores on the other.

(Simon) #17

Another possibility that hasn’t been mentioned: There seem to be global IPs active and you have global discovery enabled: If multiple devices have the same global IP and listening port (22000 by default), e.g. devices B and C, it can happen that device A tries to contact device B, but the request ends up at device C thus triggering the connection request.

#18

Is this true? Are the global IPs really doing that? I understood that the global IPs were used to help different devices find each other. Wouldn’t the request use their IDs, not IPs?

#19

Actually, what you see is a pending request. This was not solicited by the other pair (which is the point of my question). The ignore on the other device is because it has been bombarded by requests from many devices on the network.

So hers a question, once a connection request is made, the receiver holds that request until the receiver decides accept-or-ignore. The request stays “sticky” at the receiver side. If I just don’t respond to the pop up, then it stays there indefinitely even after reboots, etc. Even if the sending requestor changes it’s mind and removes the request on the requestor’s side.

Earlier you did it couldn’t be an introducer, but now so am thinking that if a device is an introducer for 20 minutes and then the introducer feature is turned off. Any connection requests that occurred in that timeline would stay active on the receiver’s device until they make a response (accept or ignore). (Or edit the config file)

(Russell) #20

Is this issue similar to Connection request from unknown device?

(Simon) #21

Yes and no, let me be more specific and say, that this is both untested, so I might be wrong, and it is not clear, whether it applies to your situation (however being bombarded by many request from the same network seems to make it likely):
Let devices B and C be in the same network, i.e. both have global IP 1. Let device A be in another network, so no local discovery. A and B have already added each other. When B and C announce to the global discovery server, it will determine their listening address to be 1:22000. Now if it happens (port forward, UPnP, …) that messages to 1:22000 get forwarded to C, once A queries the IP with B’s ID and sends a hello message, it ends up at C and is interpreted as a request for connection.
There is probably a few ways this could be mitigated, e.g. by adding a destination ID field to the hello message or having a separate message for device introduction.

True, and is the expected behaviour, as there is no way in the BEP to “unrequest” a connection.

What makes you think so?