• dariusj18@lemmy.world
    link
    fedilink
    English
    arrow-up
    33
    ·
    6 months ago

    Next article, “hackers abuse bash to list directory contents and write the output to a file.”

    • Kid@sh.itjust.worksOPM
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.

        • Kid@sh.itjust.worksOPM
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).