Skynet Big trouble need help

David Donlin

Occasional Visitor
I have an AX86 and several AC68U that I use as access points, not using AI mesh, all with the latest firmware. Yesterday I think, suspect, a virus got loose in the network. I cannot browse the web from any wifi or wired connection. I have a collection of Linux desktops, iPads, iPhones, Android phones. The AX86 is connected to the ISP, speed tests show full bandwidth available, network tools show completed pings, traceroute shows completed journeys through the network tool menu. I can however browse through a VPN to sites. The AX86 has Skynet, shows normal activity, unbound, vnstats on it all working nicely. I need ideas, help on solving this one, so I am reaching out to the community. Is nuking everything my only option? Thanks in advance for any help. :)
 
Try using Firefox and SRWare Iron. Not sure what you are using, but I had challenges with Google Chrome in the past and just stopped using it.

8.8.8.8 is Google DNS, therefore I stopped using browsers that have it implemented.
 
I've tried Firefox, ungoogled-chromium and Vivaldi, same results, but will look at SR Iron once I'm back up.
 
Only from VPN connected clients
It is my browsing that is only affected
Sorry, I can't understand what you're describing.

Is it,
1. Affecting browsing only on all clients
2. Affecting browsing only on VPN clients only
3. Affecting browsing and ping on all clients
4. Affecting browsing and ping on VPN clients only

Check that DNS name resolution is working on the affected clients.
 
First, your description isn't great (no offense). You have not indicated why you think that a 'virus got loose'.
  • Do you have hits on AV software showing activity?
  • Did you run Malwarebytes or other analysis software to check systems?
    • Did you check system logs on either the clients or the router?
  • Why do you say "virus" but tag 'skynet'?
    • Does Skynet show a large number of outbound packets being blocked?
    • Why would a virus block web traffic but allow VPN traffic?
  • Finally, and maybe most importantly, what was the last change you made to your network? What's set to 'auto update' that could impact your name resolution?
Second, have you tried taking one node, resetting it to factory and connecting it (only) to your modem to see if you can get a single system to communicate with websites NOT using the VPN?

Finally, have you tried just doing an nslookup both on and off the VPN to see what answers you get?
 
First, your description isn't great (no offense). You have not indicated why you think that a 'virus got loose'.

My son was complaining about not being able to connect to wifi on phone/laptop; a more involved conversation revealed that he downloaded suspect files.
  • Do you have hits on AV software showing activity? No.
  • Did you run Malwarebytes or other analysis software to check systems? Yes, appears to be clean.
    • Did you check system logs on either the clients or the router? Yes.
  • Why do you say "virus" but tag 'skynet'? I didn't tag Skynet, was probably placed in wrong bucket, my bad.
    • Does Skynet show a large number of outbound packets being blocked? No.
    • Why would a virus block web traffic but allow VPN traffic? Don't know, above my paygrade as they say.
  • Finally, and maybe most importantly, what was the last change you made to your network? What's set to 'auto update' that could impact your name resolution? I had to change the SIP setting in NAT passthrough for VoIP to work but I restored it back to the original setting.
Second, have you tried taking one node, resetting it to factory and connecting it (only) to your modem to see if you can get a single system to communicate with websites NOT using the VPN? Currently working on that.

Finally, have you tried just doing an nslookup both on and off the VPN to see what answers you get?
the same answer.
d@d-NUC7i3DN:~$ nslookup microsoft.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: microsoft.com
Address: 13.77.161.179
Name: microsoft.com
Address: 104.215.148.63
Name: microsoft.com
Address: 40.76.4.15
Name: microsoft.com
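
An added example, not part of the original posts: one way to read nslookup captures like the one above when comparing lookups on and off the VPN. The `FILTERED` capture and the names `parse_nslookup` and `review` are constructed for illustration; 127.0.0.53 is the systemd-resolved stub listener, so a capture answered by it does not show which upstream resolver was actually asked.

```python
import ipaddress
import re

# Modelled on the capture posted above (trimmed; the original is cut short).
POSTED = """Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: microsoft.com
Address: 13.77.161.179
Name: microsoft.com
Address: 104.215.148.63
"""

# Constructed capture: the kind of answer a filtering resolver hands back.
FILTERED = """Server: 192.168.1.1
Address: 192.168.1.1#53

Name: microsoft.com
Address: 0.0.0.0
"""

def parse_nslookup(text):
    """Return (resolver, [answer addresses]) from nslookup text output."""
    resolver, answers, in_answer = None, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("Non-authoritative answer", "Name:")):
            in_answer = True
        m = re.match(r"Address(?:es)?:\s*(\S+)", line)
        if not m:
            continue
        if in_answer:
            answers.append(ipaddress.ip_address(m.group(1)))
        elif resolver is None:
            resolver = m.group(1).split("#")[0]  # drop the "#53" port suffix
    return resolver, answers

def review(label, text):
    """List what one capture does and does not tell you."""
    resolver, answers = parse_nslookup(text)
    notes = []
    if resolver and ipaddress.ip_address(resolver).is_loopback:
        notes.append(f"{label}: local stub {resolver} answered; upstream not shown")
    if not answers:
        notes.append(f"{label}: no address returned")
    notes += [f"{label}: non-public answer {ip}" for ip in answers if not ip.is_global]
    return notes

if __name__ == "__main__":
    for label, capture in (("posted", POSTED), ("filtered", FILTERED)):
        print("\n".join(review(label, capture)) or f"{label}: nothing flagged")
```

Public answers that differ between the two captures are not a finding by themselves, since large sites return different addresses to different resolvers. On a systemd-resolved host, `resolvectl status` shows the upstream servers behind the stub.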
 
@David Donlin Anything in system logs? What does the Network Map Internet icon show for devices?
 
It was showing either a wifi icon with an x or an exclamation mark (!). But I think I figured it out by taking cptnoblivious's suggestion and rebuilding from scratch. So far so good, been up about 3 hours, we'll see. Thanks everyone for your help. Still would like to know how and why. All machines and all access points, bizarre!

 
@David Donlin glad that it's working so far. You may never know what caused it, though my first guess is that something broke name resolution. Though, based on your detailed response to my earlier post, I didn't see anything in there that would have changed it.

Hopefully you'll be able to get everything back up and running normally now that you're starting with a clean install :)
 