Diversion Diversion - the Router Ad-Blocker

[Makaveli]

I'll end the OT with stating that Skynet provides a link to that site when doing a search for sites that cannot be reached on outbound attempts.

/jffs/scripts/firewall stats search device 192.168.1.X 10

or 2,13,2,5,1from AMTM

Top 10 HTTP(s) Blocks (Outbound);
--------   | --------------       | --------------                                          | --------------                                | ----------------------                                   
| Hits |   | | IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |                                   
--------   | --------------       | --------------                                          | --------------                                | ----------------------                                   
99x        | 151.139.128.10       | https://otx.alienvault.com/indicator/ip/151.139.128.10  | BanMalware: firehol_level3.netset             | a3p5q4h4.stackpathcdn.com w4m9n4r9.stackpathcdn.com hothardware.com

Before the diversion update the site was accessible to me so that was the reason I posted here first. In my troubleshooting I would have checked Skynet next but figured I would throw a post up here just in case.

Thank you for the additional info.

 

[Swistheater]

Remember skynet is self aware.

 

[Danny Baromen]

Hi everyone, new to Diversion here and while it has been working perfectly for about a month now, I've noticed a little glitch and I'm not sure who's the culprit...

Every 2/3 days... I wake up to no internet access and have to reboot the router to get it back... everything else seems to work fine though.... could this be a diversion issue or something else?

 

[L&LD]

Hi everyone, new to Diversion here and while it has been working perfectly for about a month now, I've noticed a little glitch and I'm not sure who's the culprit...

Every 2/3 days... I wake up to no internet access and have to reboot the router to get it back... everything else seems to work fine though.... could this be a diversion issue or something else?

Which router? What firmware version?

What optional features have you enabled?

 

[Danny Baromen]

Asus RT-AC66U_B1 - ASUSWRT-Merlin 384.12
I have the standard version installed with pixelserv

 

[L&LD]

Asus RT-AC66U_B1 - ASUSWRT-Merlin 384.12
I have the standard version installed with pixelserv

Sorry, I meant other features on the router itself?

 

[Danny Baromen]

Ohhhh!

I have the traffic monitor saving stats to a usb drive, but that's about it.

 

[Danny Baromen]

Ok, so it happened again and i logged into the router and disabled Diversion and nothing changed, so its probably not Diversion.
I changed it from Cloudflare's DNS back to my ISP's DNS and will see if that fixes it.

 

[HairyA00]

I updated both amtm and diversion without an issue. After updating, if I choose to update again (not that there is any reason to update since I have the latest), I noticed an error message printed on-screen. Attached are the two screenshots.

View attachment 18630 View attachment 18631

I figured out what the issue was. I had scheduled reboots nightly at 4am via amtm. When the router would come back online, it wouldn't sync with the time servers, and my time was May 5, 2018. As a result, I guess diversion could not check for updates (or amtm) given that the time was off by over a year. I manually pulled the power, plugged it back in, it synced with the time servers and worked correctly. Needless to say, I disabled the automatic reboots nightly...

 

[Xentrk]

Ok, so it happened again and i logged into the router and disabled Diversion and nothing changed, so its probably not Diversion.
I changed it from Cloudflare's DNS back to my ISP's DNS and will see if that fixes it.

I had similar issues recently with my development router. I had the local DNS caching set to Yes for a month or so and no issues. Then, one day, I came home and no internet. A reboot fixed it. I had the same issue three days in a row. I then set local caching back to the default setting of No and have not had the issue since.

Tools -> Other Settings
Advanced Tweeks and Hacks Section
Wan: Use local caching DNS server as system resolver (default: No)

 

[Danny Baromen]

Ooooh i'll check that, thanks!

Edit: it was off and is still off

 

[Treadler]

Remember skynet is self aware.

So, sentient then?!
I am totally impressed!

 

[Ubimo]

I have a very large, custom+ list (800.000+ domains) in Diversion. Yet, uBlock Origin in chrome still finds a LOT to block although I already have this big list.
How can I block the same amount like uBlock Origin with Diversion? e.g. including these lists: https://imgur.com/a/Mzx7Ii9

 

[Treadler]

I have a very large, custom+ list (800.000+ domains) in Diversion. Yet uBlock Origin in chrome still finds a LOT to block although I already have this big list.
How can I block the same amount like uBlock Origin with Diversion?

Interesting. Are you using Skynet as well?

 

[HairyA00]

I have a very large, custom+ list (800.000+ domains) in Diversion. Yet uBlock Origin in chrome still finds a LOT to block although I already have this big list.
How can I block the same amount like uBlock Origin with Diversion?

The DNS requests originate at the browser, and uBlock Origin is running on the browser. Only if a request clears the uBlock Origin filters will it be forwarded to Diversion. uBlock Origin acts first, then Diversion.

uBlock Origin will stop anything that is in its block lists, regardless of how many blocklists you may have in Diversion.

 

[Ubimo]

Interesting. Are you using Skynet as well?

Yes.

The DNS requests originate at the browser, and uBlock Origin is running on the browser. Only if a request clears the uBlock Origin filters will it be forwarded to Diversion. uBlock Origin acts first, then Diversion.

uBlock Origin will stop anything that is in its block lists, regardless of how many blocklists you may have in Diversion.

I thought Diversion acts first, as it runs on the router itself? I thought Diversion blocks the incoming traffic before the traffic arrives at my browser (uBlock Origin)?

 

[HairyA00]

Yes.

I thought Diversion acts first, as it runs on the router itself? I thought it block the incoming traffic before the traffic arrives at my browser (uBlock Origin)?

Tail the log and you will see that requests that come from the browser with uBlock Origin installed are stopped by uBlock first and are never even requested by DNS. Then, if uBlock doesn't choose to filter out content, Diversion will catch it on the back-end. At least that's how my experience has been; my configuration is pretty standard/out of the box (Diversion Lite).

 

[martinr]

I have a very large, custom+ list (800.000+ domains) in Diversion. Yet uBlock Origin in chrome still finds a LOT to block although I already have this big list.
How can I block the same amount like uBlock Origin with Diversion? e.g. including these lists: https://imgur.com/a/Mzx7Ii9

Could be that all the domains that uBlock Origin blocks are already blocked in your massive list. In other words, if you unblocked/allowed them in uBlock Origin, you still wouldn’t be able to access the domain because of your Diversion blocklist. Duplication, if you like. Also, depending on how you’ve set up uBlock, eg too aggressive, some of the domains it blocks may be essential to get the website to work ie a kind of false positive. I have uBlock Origin and uMattix and sometimes it can take minutes to get a website to display correctly. If you block every single domain you might as well unplug your modem.

 

[HairyA00]

Could be that all the domains that uBlock Origin blocks are already blocked in your massive list. In other words, if you unblocked/allowed them in uBlock Origin, you still wouldn’t be able to access the domain because of your Diversion blocklist. Duplication, if you like. Also, depending on how you’ve set up uBlock, eg too aggressive, some of the domains it blocks may be essential to get the website to work ie a kind of false positive. I have uBlock Origin and uMattix and sometimes it can take minutes to get a website to display correctly. If you block every single domain you might as well unplug your modem.

And redundancy is okay; who cares if the same domains are blocked. But uBlock Origin will always have higher block stats than Diversion. My suggestion is to disable uBlock Origin for a few minutes and let Diversion go to work, just so you can see the difference (then turn uBlock Origin back on afterwards). Sinkholing domains isn't as 'pretty' as the extra work that uBlock Origin does to make websites look pretty. But it works nonetheless!

Do some experimenting, but as martinr suggested, redundancy won't hurt (in fact it'll help).

 

[Ubimo]

If you block every single domain you might as well unplug your modem.

Thanks for clarification. I know how to identify and resolve false positives. My initial thought was that Diversion acts first, then uBlock Origin.