Recent content by mongodb

One thing to note for anyone reading this- when running "top" keep a close watch on the sirq values: CPU: 1.9% usr 1.9% sys 0.0% nic 95.3% idle 0.0% io 0.0% irq 0.6% sirq When running top before solving my issue, whilst the usr and sys values were very low the sirq value was reading...

Nevermind, read up another thread where this was discussed not too long ago and RMerlin suggested enabling DoS protection but also noted that it is fairly useless against a DDoS attack which, in all fairness, is a different beast in itself.

Follow-up question- does anyone know how Skynet implements DoS protection if enabled? It's currently no enabled but I want understand what it does if I do choose to enable it.

Thanks Dave. Apologies, you're right. I have config'd Skynet to block both in and out: [4] --> Filter Traffic | [all] This makes more sense and I have seen an increase in port scans from Digital Ocean's ASN recently; as mentioned in my original post.

Here's a weekly view of CPU usage for the last week; notice the ramp up Thursday onwards:

Hi @ColinTaylor, thanks. Yep, you are defo right in suggesting that. Here's what I did just now- re-enabled Skynet and noticed erratic ping times. Went into firewall settings and disabled logging completely: [3] --> Logging | [Disabled] So, end result is that Skynet is...

Here's a summary of my findings so far: - erratic pings from LAN to Merlin interface and vice versa reported (>200ms intermittently) - suspected LAN cable from router to switch replaced; behaviour did not go away - unplugged WAN interface on Merlin and pings came back down to normal levels...

Hi @cptnoblivious, thanks for taking the time. Cheers for providing insight into Skynet processing outbound traffic and not non-open inbound. This is indeed correct as the logs suggest these are being logged by the kernel and not Skynet itself. You are bang on the money about logs though. I...

Hi guys, So starting approx. last Thursday I've noticed my Asus Merlin router become unresponsive for a few seconds before coming back to life. This has happened roughly 6-8 hours apart but hasn't been consistent. I have constant pings going to it and modem beyond Merlin; which both stopped...

Hi there, not sure if this helps you or not but I've managed to fix the issue. Please see the OP or the message above this one.

OK, so I realised what it was. I completely forgot I had setup a convoluted NAT on the internal router that NAT'd the destination host to a test DoH client in the DMZ. My bad! Tested from another non-172.16.150.0/24 host and expected result looks good: Apr 7 15:55:12 kernel: [BLOCKED -...

Apologies for the bump up; please can an expert here weigh in on this? Thanks in advance.

As a side note, I found this handy site for finding out country-based networks- https://www.countryipblocks.net/acl.php

Hi, Probably not the answer you're looking for but I've managed to do something similar using traffic monitoring via ntopng and the APIs that it comes with. Took a bit of manual scripting but I get notified when an IP not in the host list is seen on the network. Regards

Thanks :)