Syncthing Hack Safe?

How secure is Syncthing against breaking and entering?

I’m currently running Syncthing on port 22000 where I get very few port knocks. I’m going to need to move it to port 80 because I have a client behind a firewall that only permits outbound traffic to 80+443 (and 443 is in use). I get lots of attempts to break into my site via port 80. Some make many rapid connects, some send large frames, some try to spoof various protocols.

How hardened against attack is Syncthing? For example, my ssh is set up such that unless the initial frame is ‘just right’ the ssh server drops the connection. Is syncthing knock-resistant?

I suspect you might not be able to move it, as port 80/443 usually have some proxy in the middle that inspects traffic, which might not like the fact it’s not http.

Syncthing is not “knock resistant” as it uses standard protocols such as TLS that require at least a few packets in both directions to do a handshake, which then goes into Syncthing’s code which then does verification of the other peer, so if you are worried about this, I suspect you’ll see a ton of info messages about unknown devices and broken connections.

That does not mean syncthing is not secure, it is, but it’s definitely not written to prevent knocking from being visible, so it will be as good as Go’s TLS library is in terms of recognising TLS traffic before it becomes Syncthing traffic.
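To make the answer above concrete, here is an added Go example (not Syncthing’s own code) of the pattern it describes: a full TLS handshake happens first, and only then does application code verify the peer by the hash of its self-signed certificate and reject unknown devices. Syncthing derives its device IDs from the same certificate hash, base32-encoded with check digits; this example uses a hex SHA-256 fingerprint instead. The certificates, the allowlist and the loopback listener are all constructed inside the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newSelfSignedCert makes a throwaway self-signed certificate for one peer.
// Identity comes from the certificate hash, not from a CA (assumption for
// this example, mirroring the self-signed certificates Syncthing peers use).
func newSelfSignedCert(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// fingerprint is the hex SHA-256 of the DER certificate; it stands in for a
// Syncthing device ID here.
func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// allowlistVerifier returns a VerifyPeerCertificate callback that accepts a
// peer only if its leaf certificate fingerprint is in allowed. By the time it
// runs, the TLS handshake has already cost a few packets in each direction,
// which is why unknown peers still show up as connection noise in the logs.
func allowlistVerifier(allowed map[string]bool) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("peer presented no certificate")
		}
		fp := fingerprint(rawCerts[0])
		if !allowed[fp] {
			return fmt.Errorf("unknown device %s...", fp[:16])
		}
		return nil
	}
}

// tryConnect runs one TLS handshake over loopback between a server that trusts
// only the listed fingerprints and a client presenting clientCert. It returns
// the server-side handshake error; nil means the client was accepted.
func tryConnect(serverCert, clientCert tls.Certificate, allowed map[string]bool) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates:          []tls.Certificate{serverCert},
		ClientAuth:            tls.RequireAnyClientCert,
		VerifyPeerCertificate: allowlistVerifier(allowed),
		MinVersion:            tls.VersionTLS12,
	})
	if err != nil {
		return err
	}
	defer ln.Close()

	result := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			result <- err
			return
		}
		defer conn.Close()
		result <- conn.(*tls.Conn).Handshake()
	}()

	// The client pins the server's fingerprint the same way instead of a CA.
	serverFP := fingerprint(serverCert.Certificate[0])
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates:          []tls.Certificate{clientCert},
		InsecureSkipVerify:    true, // CA chain checking is replaced by pinning below
		VerifyPeerCertificate: allowlistVerifier(map[string]bool{serverFP: true}),
		MinVersion:            tls.VersionTLS12,
	})
	if err == nil {
		conn.Close()
	}
	return <-result
}

func main() {
	server, _ := newSelfSignedCert("server")
	known, _ := newSelfSignedCert("known-device")
	stranger, _ := newSelfSignedCert("stranger")
	allowed := map[string]bool{fingerprint(known.Certificate[0]): true}
	fmt.Println("known device:", tryConnect(server, known, allowed))
	fmt.Println("stranger:", tryConnect(server, stranger, allowed))
}
```

Running it prints `<nil>` for the known device and an “unknown device” error for the stranger. Note that the stranger’s rejection only arrives after the TLS handshake has already exchanged several packets, which is the point made above: the identity check is real, but it is not invisible to whoever is knocking.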
