Skynet Am I blocking hacking attempts?

cc666

Very Senior Member
This is continuous on my GT-BE-98PRO log, every few seconds.

Jan 23 10:00:10 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= (followed by a mac address)

Is this an external hack attempt being blocked?

CC
 
Impossible to say without seeing the source address(es) and knowing the port. Probably just port scanning.

Is vlan4094 your WAN interface?
That VLAN is a hardwire to an LG TV with a firestick. I have another VLAN hardwired to another LG TV with a firestick that is clean, no blocks.

Here is more info:

Jan 23 10:00:09 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= MAC=xxxxxxxxxxxxx SRC=78.128.114.130 DST=ROUTER IP ADDRESS)( LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26759 PROTO=TCP SPT=57643 DPT=33333 SEQ=2660700893 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

CC
 
Looks like normal port scanning. Do you see scans from other IP addresses? Perhaps you are blocking Bulgaria in Skynet?

When I check the ip address 78.128.114.130 I get this: Other search results also indicate as malicious.




CC
 
Like I said, that's normal port scanning. Nothing that's specifically targeting you. If you didn't have Skynet installed your router's built-in firewall would have dropped the traffic.
Got it, I guess I can change the log level so it doesn't flood the log?

CC
 
Got it, I guess I can change the log level so it doesn't flood the log?
This is a Skynet message so that's where you should look for logging options. I don't use Skynet myself so don't know whether you can turn off specific types of message or whether you have to turn them all off.
 
Got it, I guess I can change the log level so it doesn't flood the log?

If you change the default log level Skynet logging won't work. What you see is "the Skynet effect". With firewall logging enabled you just see the noise. If you don't understand what is happening it makes you think you are under attack. If you don't run any open to Internet services you don't need Skynet. Even if you do run open to Internet services Skynet with community maintained blocklists is unlikely to prevent real attack.
 
Got it, I guess I can change the log level so it doesn't flood the log?

CC
Or, use scribe (available via amtm), which filters skynet messages to a separate log file.
 
If you change the default log level Skynet logging won't work. What you see is "the Skynet effect". With firewall logging enabled you just see the noise. If you don't understand what is happening it makes you think you are under attack. If you don't run any open to Internet services you don't need Skynet. Even if you do run open to Internet services Skynet with community maintained blocklists is unlikely to prevent real attack.
So Skynet is useless in my case? I do not run any internet services.

CC
 
So Skynet is useless in my case? I do not run any internet services.
Correct. Unless perhaps you don't trust devices/people on your LAN and want something that blocks outgoing connections. Personally (for my use case) I regard Skynet as a waste of time.
 
So Skynet is useless in my case?

Useful in case you want to limit your own access to something. Skynet is an IP-blocker. The built-in firewall blocks all unsolicited connections by default. You are going to get the same noise in logs if you enable blocked packets logging in Firewall GUI section without Skynet. The reality - Skynet and AiProtection did not stop any of the recent Asuswrt hacks. You understand community maintained blocklists are visible to hackers as well.
 
You perhaps don't need any scripts and USB sticks at all. Your Diversion is DNS-blocker and upstream filtering DNS services like AdGuard DNS do exactly the same thing. You even have it as preset in Asuswrt.
 
You perhaps don't need any scripts and USB sticks at all. Your Diversion is DNS-blocker and upstream filtering DNS services like AdGuard DNS do exactly the same thing. You even have it as preset in Asuswrt.
With Adguard's ties to Russia I pass on that DNS. IMO not advisable.

CC
 
If you want to make your tech related decisions based on politics - the developers of Entware are Russian. It's needed for your Diversion. You have it installed on your router voluntarily. Congratulations.
 
If you want to make your tech related decisions based on politics - the developers of Entware are Russian. It's needed for your Diversion. You have it installed on your router voluntarily. Congratulations.
I didn't realize that! Now I have to reconsider. Is there any other way to get the results without dealing with the possibility of back doors from Russian programmers?

CC
 
Well... you need to figure it out. You may want to remove Asuswrt-Merlin firmware as well since at least one Russian developer is involved and for years. Netgear with 3rd party firmware is also not an option for you as the developer is also Russian. And don't forget Google is watching you, Sergey Brin... born in Moscow. 🤷‍♂️
 
Well... you need to figure it out. You may want to remove Asuswrt-Merlin firmware as well since at least one Russian developer is involved and for years. Netgear with 3rd party firmware is also not an option for you as the developer is also Russian. They are everywhere and even one was helping ASUS to fix the consequences of recent malware attack... so probably there is Russian link at ASUS as well. And don't forget Google is watching you, Sergey Brin... born in Moscow. 🤷‍♂️
I get it, do you use these scripts with entware?

For the record, I fully trust Merlin Firmware.

CC
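
Added example, not part of the thread or of Skynet's own code: a small Python parser for the `[BLOCKED - INBOUND]` kernel lines posted above that groups blocked packets by source address and destination port, which is the information the replies ask for before judging whether the traffic is ordinary scanning. The sample lines are constructed (documentation addresses, placeholder MAC and DST), and the `looks_like_scan` heuristic and its threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format posted in the thread. MAC and DST are
# placeholders; 192.0.2.x and 198.51.100.x are documentation-only addresses.
SAMPLE = """\
Jan 23 10:00:09 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= MAC=xx SRC=192.0.2.10 DST=203.0.113.1 LEN=40 TTL=241 PROTO=TCP SPT=57643 DPT=33333 ACK=0 WINDOW=1024 SYN URGP=0
Jan 23 10:00:12 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= MAC=xx SRC=192.0.2.10 DST=203.0.113.1 LEN=40 TTL=241 PROTO=TCP SPT=57643 DPT=8080 ACK=0 WINDOW=1024 SYN URGP=0
Jan 23 10:00:15 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= MAC=xx SRC=192.0.2.10 DST=203.0.113.1 LEN=40 TTL=241 PROTO=TCP SPT=57643 DPT=23 ACK=0 WINDOW=1024 SYN URGP=0
Jan 23 10:00:20 kernel: [BLOCKED - INBOUND] IN=vlan4094 OUT= MAC=xx SRC=198.51.100.7 DST=203.0.113.1 LEN=48 TTL=52 PROTO=UDP SPT=5353 DPT=53 LEN=28
Jan 23 10:00:21 dnsmasq[812]: unrelated line that must be ignored
"""

TAG = "[BLOCKED - INBOUND]"
KV = re.compile(r"(\w+)=(\S*)")                      # KEY=value tokens (value may be empty)
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}   # bare TCP flag tokens in LOG output

def parse_line(line):
    """Return the fields of one inbound-block log line, or None for other lines."""
    if TAG not in line:
        return None
    body = line.split(TAG, 1)[1]
    fields = dict(KV.findall(body))
    fields["FLAGS"] = sorted(FLAGS & set(body.split()))  # "ACK=0" is not the ACK flag
    return fields

def summarize(lines):
    """Group blocked packets by source: hit count, destination ports, SYN-only."""
    by_src = defaultdict(lambda: {"hits": 0, "ports": set(), "syn_only": True})
    for line in lines:
        f = parse_line(line)
        if f is None or "SRC" not in f:
            continue
        s = by_src[f["SRC"]]
        s["hits"] += 1
        if "DPT" in f:
            s["ports"].add(int(f["DPT"]))
        if f.get("PROTO") != "TCP" or f["FLAGS"] != ["SYN"]:
            s["syn_only"] = False
    return dict(by_src)

def looks_like_scan(stats, min_ports=3):
    # Assumed heuristic: only unsolicited bare SYNs, or many distinct ports probed.
    return stats["syn_only"] or len(stats["ports"]) >= min_ports

if __name__ == "__main__":
    for src, st in summarize(SAMPLE.splitlines()).items():
        print(src, st["hits"], sorted(st["ports"]), "scan-like" if looks_like_scan(st) else "other")
```
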
 
