hi
i have installed syncthing on my synology nas and on my android phone lately. i have noticed a connection to a an external ip-address 86.105.195.63 (from romania). the ip-address 86.105.195.63 was also added as a relay address in my android phone (screenshot). did they got access to my files?
regards lino
these are the logs which i could find.
netstat:
tcp 0 0 LOCAL-IP-ADRESS:48984 86.105.195.63:22067 ESTABLISHED 13216/syncthing
process ID 13216:
syncthi+ 13216 1.7 6.9 813300 50108 ? SNl Nov28 202:02 | _ /volume1/@appstore/syncthing.net/bin/syncthing -home=/volume1/syncthing-data -logflags=3 -logfile=/volume1/syncthing-data/syncthing.log -no-browser -gui-address=http://0.0.0.0:8384
/volume1/syncthing-data/syncthing.log
looks like a normal local connection:
2021/12/06 09:04:37 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 2021/12/06 09:04:37 INFO: Device ANDROID_IDENTIFICATION client is “syncthing v1.18.3” named “ANDROID_DEVICE_NAME” at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 2021/12/06 09:05:10 INFO: Connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:22000-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: reading length: read tcp LOCAL_NAS_IP_ADDRESS:22000->LOCAL_ANDROID_IP_ADDRESS:22000: read: connection reset by peer
suspicious connection: the android identification and android device name are the same like in the normal local connection
2021/12/06 12:28:58 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 2021/12/06 12:28:58 INFO: Device ANDROID_IDENTIFICATION client is “syncthing v1.18.3” named “ANDROID_DEVICE_NAME” at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 2021/12/06 12:28:59 INFO: Established secure connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 2021/12/06 12:28:59 INFO: Replacing old connection LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 with LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 for ANDROID_IDENTIFICATION 2021/12/06 12:28:59 INFO: Connection to ANDROID_IDENTIFICATION at LOCAL_NAS_IP_ADDRESS:49464-86.105.195.63:22067/relay-server/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: reading length: read tcp LOCAL_NAS_IP_ADDRESS:49464->86.105.195.63:22067: use of closed network connection 2021/12/06 12:28:59 INFO: Device ANDROID_IDENTIFICATION client is “syncthing v1.18.3” named “ANDROID_DEVICE_NAME” at LOCAL_NAS_IP_ADDRESS:47221-LOCAL_ANDROID_IP_ADDRESS:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256