suspicious connection to external ip-address

hi

i have installed syncthing on my synology nas and on my android phone lately. i have noticed a connection to an external ip-address 86.105.195.63 (from romania). the ip-address 86.105.195.63 was also added as a relay address in my android phone (screenshot). did they get access to my files?

regards lino

these are the logs which i could find.

netstat:

tcp 0 0 LOCAL-IP-ADRESS:48984 86.105.195.63:22067 ESTABLISHED 13216/syncthing

process ID 13216:

syncthi+ 13216 1.7 6.9 813300 50108 ? SNl Nov28 202:02 | _ /volume1/@appstore/syncthing.net/bin/syncthing -home=/volume1/syncthing-data -logflags=3 -logfile=/volume1/syncthing-data/syncthing.log -no-browser -gui-address=http://0.0.0.0:8384

/volume1/syncthing-data/syncthing.log

looks like a normal local connection:

2021/12/06 09:04:37 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 09:04:37 INFO: Device ANDROID_IDENTIFICATION client is "syncthing v1.18.3" named "ANDROID_DEVICE_NAME" at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 09:05:10 INFO: Connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: reading length: read tcp LOCAL_NAS_IP_ADDRESS:22000->LOCAL_ANDROID_IP_ADDRESS:22000: read: connection reset by peer

suspicious connection: the android identification and android device name are the same as in the normal local connection

2021/12/06 12:28:58 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 12:28:58 INFO: Device ANDROID_IDENTIFICATION client is "syncthing v1.18.3" named "ANDROID_DEVICE_NAME" at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 12:28:59 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 12:28:59 INFO: Replacing old connection LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 with LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 for ANDROID_IDENTIFICATION
2021/12/06 12:28:59 INFO: Connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: reading length: read tcp LOCAL_NAS_IP_ADDRESS:49464->86.105.195.63:22067: use of closed network connection
2021/12/06 12:28:59 INFO: Device ANDROID_IDENTIFICATION client is "syncthing v1.18.3" named "ANDROID_DEVICE_NAME" at LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256

Please see

https://docs.syncthing.net/users/relaying.html

hi

thank you for your quick response.

it looks like a firewall issue on my synology nas. i have added the ports which i have found in the documentation. but it doesn’t work.

current iptables (screenshot)

it does work now
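
Added example (not part of the original posts and not Syncthing project code): a small Python parser for the `Established secure connection` and `Replacing old connection` log lines quoted in this thread. It groups sessions per device ID by transport, so relay sessions and the relay endpoint stand out, and notes when a direct connection replaced the relayed one. The sample log is constructed from the lines posted above; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in this thread
# (placeholders as in the original post; 86.105.195.63:22067 is the relay it reports).
SAMPLE_LOG = """\
2021/12/06 12:28:58 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 12:28:59 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256
2021/12/06 12:28:59 INFO: Replacing old connection LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 with LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 for ANDROID_IDENTIFICATION
"""

# Layout seen in the thread: <local>-<remote>/<transport>/<TLS version-cipher suite>
ESTABLISHED = re.compile(
    r"^(?P<ts>\S+ \S+) INFO: Established secure connection to (?P<device>\S+) at "
    r"(?P<local>\S+?)-(?P<remote>[^/\s]+)/(?P<transport>[^/\s]+)/(?P<tls>\S+)$")
REPLACED = re.compile(
    r"INFO: Replacing old connection \S+?/(?P<old>[^/\s]+)/\S+ with "
    r"\S+?/(?P<new>[^/\s]+)/\S+ for (?P<device>\S+)$")


def summarize(log_text):
    """Per device ID: sessions seen, relay endpoints used, relay replaced by direct?"""
    out = defaultdict(lambda: {"transports": [], "relay_remotes": set(),
                               "relay_replaced": False})
    for line in log_text.splitlines():
        line = line.strip()
        m = ESTABLISHED.match(line)
        if m:
            info = out[m["device"]]
            info["transports"].append((m["ts"], m["transport"], m["tls"]))
            if m["transport"].startswith("relay"):
                info["relay_remotes"].add(m["remote"])  # address of the relay, not a peer
            continue
        m = REPLACED.search(line)
        if m and m["old"].startswith("relay") and not m["new"].startswith("relay"):
            out[m["device"]]["relay_replaced"] = True
    return dict(out)


if __name__ == "__main__":
    for device, info in summarize(SAMPLE_LOG).items():
        print(device, info)
```

A relay session logged under your own device ID, as here, is the TLS session between your two devices carried via the relay; the relaying documentation linked in the reply covers what the relay can and cannot see.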
