Skynet Is skynet reporting wrong outgoing ip-addresses?

torstein

Regular Contributor
I've been getting more and more outbound blocks lately from my mac mini serving as a home server - downloads, media, network time machine backups and backblaze cloud backup. I clicked on the otx.alienvault links and this is what I found:

The first IP 157.97.132.236 (alienvault link) is from a company called Cyprus Telecommunications Authority, listening on 21, 22, 80, 123, 143, 443, 587, 3306, 8080, 8443. This entry has no tags, and under pulses it is flagged as "internet white noise".

The second IP 141.95.89.126 (alienvault link) is from a company called OVH SAS, a French cloud computing company, which listens on port 22 (SSH iirc) and has tags such as botnet, scanning, etc.

The third IP, for some reason, is my mac mini server's own internal IP address 192.168.50.205. I guess that means nothing.

I didn't understand why my mac mini server has anything outbound to Cyprus Telecommunications Authority and another to OVH SAS, a French cloud company.

I therefore installed Little Snitch for macOS. It's basically a firewall that shows which app or service / process tries to connect outbound and inbound to which IP addresses and which countries they originate from.

Little Snitch didn't report any of these two addresses from my mac mini server.

So I'm wondering, is Skynet mixing something up? Why is it reporting ip-addresses being blocked outbound when Little Snitch on the mac itself didn't report any such IP-addresses?
 

dev_null

Senior Member
Skynet is only as good as the blocklists that you're using.

You need to take it up with the maintainers of the lists you use in Skynet.

So: no, it's not a Skynet issue, it's a list issue. I exclude several of the ipsets that block things that I want/need access to. But overall, a few "wrong" hits are a small price to pay.
 

torstein

Regular Contributor
But I can't find the IP addresses Skynet claims to have blocked in my software firewall. I don't understand how it can bypass the firewall on the computer, but the router picks it up and blocks it? I also don't understand why anything on my computer would call home to a Cyprus telecom and a French cloud service server.
 

Tech9

Part of the Furniture
What you don't understand is very simple - the more you tinker with your router the more issues you'll have. What step are you on currently?

 

torstein

Regular Contributor
Level 2 for now :D
 

Tech9

Part of the Furniture
"Level 2 for now :D"

Level 2 jumps straight to Level 7 when Skynet blocks Quad9 again, it happens to be your DNS service and you're not home.

 

torstein

Regular Contributor
So you're saying I'm probably better off uninstalling skynet because it's too advanced for me (fair enough, I actually agree) or just leave it at default, but not worry about all the entries in the skynet logs, even if skynet blocks a ton of outbound traffic that I don't recognize? It's just noise that is meaningless and nothing to worry about?

I just have this irrational fear that I leave my home network open and exposed to all sorts of malware and hacks if I don't have skynet on top of the router firewall.
 

Tech9

Part of the Furniture
"I just have this irrational fear that I leave my home network open and exposed to all sorts of malware and hacks if I don't have skynet on top of the router firewall."

It's perhaps because you don't know yet how the router's firewall works + Skynet shows you blocks of what's already blocked. If it makes you feel more secure - run it and take responsibility for someone else's errors. It was you who installed it, correct? Stage 3 to 5.
 

torstein

Regular Contributor
Stage 4 made me chuckle a bit: "WAN connection is getting closer to what LAN is". That's basically what I'm doing I think hahaha. My wife is already annoyed from all the whitelisting I have to do in NextDNS because of how aggressive the 1Hosts Pro block list is. She frequently just tethers her mac to her phone to bypass all my aggressive network restrictions. Hmmm... food for thought.
 

torstein

Regular Contributor
Okay this is strange.

I've been running all the apps that I did when Skynet reported those outbound blocks for the past 24+ hours, and so far 0 outbound blocks. How is that possible? Why and what was phoning home yesterday, but today is completely silent?
 
