The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.
Interesting. I didn’t know that syncthing does hole punching.
From a defense perspective, how would this work with an enterprise firewall, with UDP/TCP only allowed to specific destinations or specific sources. Example: only the internal DNS relay server can access 53/UDP and only the internal proxy server can access 80/443. What I mean is in a network with a very closed firewall, how would Syncthing be able to connect with peers?
Bestbet would probably be block on an application level. I swapped to bitwarden since syncthing wasn’t liked by the AV on my work pc and I was using it to sync my password db.
Interesting. I didn’t know that syncthing does hole punching.
From a defense perspective, how would this work with an enterprise firewall, with UDP/TCP only allowed to specific destinations or specific sources. Example: only the internal DNS relay server can access 53/UDP and only the internal proxy server can access 80/443. What I mean is in a network with a very closed firewall, how would Syncthing be able to connect with peers?
If the firewall was properly locking down servers to functions then it shouldn’t work. But if it has general Web access sync thing is very resilient
This is the reason people use sync thing and recommend it, it’s really hard to kill
Bestbet would probably be block on an application level. I swapped to bitwarden since syncthing wasn’t liked by the AV on my work pc and I was using it to sync my password db.