Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy service seems to be unintentially leaked to the external mobile network(version 41) #292

Closed
brlin-tw opened this issue May 2, 2024 · 5 comments
Closed

Proxy service seems to be unintentially leaked to the external mobile network(version 41) #292

brlin-tw opened this issue May 2, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@brlin-tw
Copy link
Contributor

brlin-tw commented May 2, 2024

I notice the following screenshot has contained client IP addresses that are not from the Wi-Fi network interface:

Screenshot_20240502-173715

This is quite concerning as malicious actors on the mobile ISP network may use the proxy service for malicious activities, or infiltrate the device via the service's vulnerabilities.

I do not enable the "Bind Proxy to All Interface" option in the app settings(which is not toggleable anyway in version 41).
@pyamsoft
Copy link
Owner

pyamsoft commented May 2, 2024

How odd.

Given that the hotspot runs on a subnet that is different from the RFC and USB tethering space those IP addresses should not be showing at all.

You can toggle the switch off to disable the network traffic for those addresses, and in the future I can make the proxy drop connections to anything that is not in the same shared 192.168.49 space

@pyamsoft pyamsoft added the bug Something isn't working label May 2, 2024
pyamsoft added a commit that referenced this issue May 3, 2024
@pyamsoft
Prepare to drop non matching IP connections
6aad598 
Somehow, invalid IPs are finding our endpoint.
No idea how or why, but see #292

#292

We can avoid this by checking that all IP based clients
are within our "space" before accepting the connection
pyamsoft added a commit that referenced this issue May 3, 2024
@pyamsoft
Guard IP connections to the host address #292
863dc1f
pyamsoft added a commit that referenced this issue May 3, 2024
@pyamsoft
Guard IP connections to the host address #292
37ad62b
@brlin-tw
Copy link
Contributor Author

brlin-tw commented May 3, 2024

You can toggle the switch off to disable the network traffic for those addresses

It is already off when the issue is reproduced, though as of now this is the only time where I can notice this symptom.

@pyamsoft
Copy link
Owner

pyamsoft commented May 3, 2024

The next version 42 will reject connections from any devices that are outside of the owning subnet. Basically, anything that is not 192.168.49.XXX in your screenshot above would be rejected from the proxy.

@pyamsoft
Copy link
Owner

With the release of version 43, this bug should be fixed by rejecting any connection outside of 192.168.49.XXX

Thank you for your contribution to the project!

@brlin-tw
Copy link
Contributor Author

Thanks for the work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pyamsoft @brlin-tw