• Kid@sh.itjust.worksOPM
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    Honestly, I didn’t think about vulnerability in SyncThing when I read the article. But I wondered why defense forces would have p2p open on their networks.

    • slazer2au@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      6 months ago

      When you say P2P you think torrents. But syncthing have rendezvou helpers to facilitate connections without seeing any data.

      • Kid@sh.itjust.worksOPM
        link
        fedilink
        English
        arrow-up
        5
        ·
        6 months ago

        Not necessarily. Torrent is a way to find a peer for direct connection or via a relay (of course that is more than that). Syncthing, even using a relay server, requires some ports available for at least outbound connection (22000 TCP/UDP or whatever port the relay is using). This should not be possible in a medium security network, let alone a defense network. I don’t know if syncthing works without a direct connection (to the peer or relay, something like transport via http proxy).