mgr

Binding to particular interfaces/IPs

Looking to see if this is possible (some poking around hasn't turned up anything yet including dumping the strings from the binaries :) - would like to constrain the application to only bind on certain interfaces (in addition to the certain ports already offered from the configuration file). Either specifying the interfaces by name (eth0/en0/etc) or by IP (10.0.0.1). Ideally, I would like to lock it down to the point where the application can communicate ONLY on specified IPs so we can use it in a corporate environment with remote VPNs (private IP space) and not have to worry about random listening ports that can be probed/hacked or the prospect of randomly hitting firewalls (or having to put firewall rules in place to prevent accidental transfers over the internet). Ideally an option like "listen_port" but include "listen_ip" or "listen_interface" and bind to that instead of INADDR_ANY (0.0.0.0). Is this possible already and I'm just missing it, or is it feasible to have it added (from a coding perspective, it should be trivial)? Thoughts?

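The post above asks for a way to keep the application off INADDR_ANY. Until such an option exists, the bind addresses can at least be audited from outside the process; the following is an added example, not code from the posters or from the Sync project. It assumes a Linux host (the `/proc/net/tcp` layout, IPv4 only, little-endian); the sample table, its ports and the allow-list are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (Linux); not captured from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:D431 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 0100000A:22B8 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0100000A:22B8 0500000A:C001 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def parse_listeners(proc_net_tcp_text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is the network-order word printed in host order
        # (little-endian host assumed), so repack it before formatting.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def audit(listeners, allowed_ips):
    """Return (ip, port, reason) for listeners outside the allow-list."""
    allowed = {ipaddress.ip_address(a) for a in allowed_ips}
    violations = []
    for ip, port in listeners:
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:  # 0.0.0.0 listens on every interface
            violations.append((ip, port, "wildcard bind (INADDR_ANY)"))
        elif addr not in allowed:
            violations.append((ip, port, "not in allow-list"))
    return violations


if __name__ == "__main__":
    # Hypothetical allow-list: the VPN-side address plus loopback.
    for v in audit(parse_listeners(SAMPLE_PROC_NET_TCP), ["10.0.0.1", "127.0.0.1"]):
        print(v)
```

On a live host, pass the contents of `/proc/net/tcp` to `parse_listeners` instead of the sample; UDP and IPv6 sockets live in separate tables (`/proc/net/udp`, `/proc/net/tcp6`) and are not covered here.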

Firstly, it's not currently possible to set/specify which network interface Sync uses (feel free to suggest it in the Wishlist). A potential work-around would be to disable all but the network interface you wish to use before starting Sync.

Secondly, in terms of communicating on "specific IPs" - you could use the Predefined Hosts options (whilst disabling the Relay, Tracker, DHT, and Search LAN options)

Thirdly, please be aware that "reverse engineering" the binaries is against the Terms of Use.


Oh, I haven't reverse engineered the application or network protocol as of yet and really don't have any intention to do so - just trying to make sure it fits our security requirements prior to using it for anything of value. Dumping the strings from the binary to see if there are hidden/undocumented configuration file parameters is far from reverse engineering (I'll break out either GDB or IDA Pro if I'm going to do that... which I'm not :). Thanks for the pointer, I'll make the suggestion on the Wishlist though.

As for disabling the network interfaces, that is not a viable option if you are talking about VPNs where you want the application to use the VPN tunnel, but not the native interface (i.e., tunnel over ppp0 rather than talking out eth0).

Lastly, the "specific IPs" option does seem like it may do the trick if there are no DHCP addresses involved (although one could have a central server on a static IP that everyone else knows how to get to via "specific IPs" if the clients coming in over VPN are DHCP'ed).  In testing that, I have seen other troubling network traffic (like, who/what is "usyncapp.com" and why is traffic transiting there even when all relay/tracker/dht/search-lan options are turned off??!?)
