SSFD should disconnect non-TLS-authenticated socket connections #110
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
{{ message }}
and others
This is somewhat related to #65 - concerns that connections can be made by anybody to SSFD's listening port.
I have configured TLS certificates for SSF and SSFD, per https://securesocketfunneling.github.io/ssf/#security-features
Due to constraints on the network I'm running SSF on, I have to set up external port forwarding from a common HTTP port to my SSFD machine listening on LAN port 8011.
Unfortunately, after leaving ssfd running for a few days (listening on the external HTTP port), checking with TCPView, I often notice connections to a few unknown IP addresses.
Looking up those IPs...
https://www.ip-lookup.org/location/152.32.211.247
https://www.ip-lookup.org/location/47.250.82.130
These appear to be VPN/TOR/Proxy services located in Hong Kong and Malaysia.
Even though no data was sent or received on these , it's a bit concerning to have unknown foreign machines connected to my SSFD instance.
SSFD should reject and eventually close any connections which don't receive data and complete a successful TLS handshake.
The text was updated successfully, but these errors were encountered: