
SSFD should disconnect non-TLS-authenticated socket connections

Open · nebulous999 opened this issue 1 year ago · 1 comment

This is somewhat related to https://github.com/securesocketfunneling/ssf/issues/65 - concerns that connections can be made by anybody to SSFD's listening port.

I have configured TLS certificates for SSF and SSFD, per https://securesocketfunneling.github.io/ssf/#security-features

Due to constraints on the network I'm running SSF on, I have to set up external port forwarding from a common HTTP port to my SSFD machine listening on LAN port 8011. Unfortunately, after leaving ssfd running for a few days (listening on the external HTTP port), checking with TCPView, I often notice connections to a few unknown IP addresses.

Looking up those IPs... https://www.ip-lookup.org/location/152.32.211.247 https://www.ip-lookup.org/location/47.250.82.130 These appear to be VPN/TOR/Proxy services located in Hong Kong and Malaysia. Even though no data was sent or received on these, it's a bit concerning to have unknown foreign machines connected to my SSFD instance.

SSFD should reject and eventually close any connections which don't receive data and complete a successful TLS handshake.

nebulous999 · Aug 26 '24 17:08
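The behaviour requested in the issue above can be sketched as a gate that runs between `accept()` and the TLS handshake. This is an added example, not SSF code and not part of the original post: `gate_connection`, `demo`, the verdict strings and the deadline values are hypothetical, and the peers are constructed with `socketpair()`.

```python
import socket
import struct
import time

TLS_HANDSHAKE = 0x16   # record content type carried by a ClientHello
MAX_PLAINTEXT = 16384  # largest TLS plaintext record length (2**14)

def gate_connection(conn, deadline_s=5.0):
    """Hypothetical pre-handshake gate: close conn unless a TLS record starts in time."""
    end = time.monotonic() + deadline_s
    head = b""
    while len(head) < 5:
        remaining = end - time.monotonic()
        if remaining <= 0:
            conn.close()
            return "idle-timeout"
        conn.settimeout(remaining)
        try:
            # MSG_PEEK leaves the bytes queued for the real TLS layer.
            head = conn.recv(5, socket.MSG_PEEK)
        except socket.timeout:
            conn.close()
            return "idle-timeout"
        if not head:
            conn.close()
            return "peer-closed"
        if len(head) < 5:
            time.sleep(0.01)  # partial header: poll again until the deadline
    ctype, major, _minor, length = struct.unpack("!BBBH", head)
    if ctype != TLS_HANDSHAKE or major != 3 or not 0 < length <= MAX_PLAINTEXT:
        conn.close()
        return "not-tls"
    # The time left is the budget for the certificate-checked handshake itself.
    conn.settimeout(max(end - time.monotonic(), 0.001))
    return "proceed"

def demo():
    # Constructed peers: one silent, one speaking HTTP, one sending a TLS record header.
    samples = {"silent": b"", "http": b"GET / HTTP/1.1\r\n",
               "tls": bytes.fromhex("1603010200") + b"\x01"}
    results = {}
    for name, payload in samples.items():
        server, client = socket.socketpair()
        if payload:
            client.sendall(payload)
        results[name] = gate_connection(server, deadline_s=0.3)
        client.close()
        server.close()  # harmless if the gate already closed it
    return results
```

The header check only filters idle and non-TLS peers; a connection that passes still has to complete the mutually authenticated handshake before the deadline, and a failed handshake is closed the same way.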