What's new
By:

kernel: [BLOCKED - INBOUND]

J

JohnD5000

Very Senior Member
Can anyone tell me what all these kernel: [BLOCKED - INBOUND] lines are in my log...and how to stop them? I get a line like this every 3-10 seconds!

Running an AC86U with Merlin 386.2_4

Note: the MAC=ZZ part is my routers mac address, not sure what the rest is.

May 24 21:52:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:18:8b:9d:d4:58:22:08:00 SRC=193.27.228.188 DST=XX.XX.XXX.X LEN=40 TOS=0x00 PREC=0x20 TTL=241 ID=14450 PROTO=TCP SPT=40068 DPT=57105 SEQ=1368156261 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
 
Last edited:
It's Skynet. Disable inbound blocking in the menu, or disable logging in the menu. Or ignore the logs.

EDIT: The DST= value would be your WAN address. Most people prefer to redact that info.
 
Last edited:
  • Like
Reactions: Gar
Hate to hijack but have a related question. I get a ton of this traffic, the ZZZZs would represent my router's MAC and the XXXXs are my public IP, to the point that once or twice a day it cripples my AX86U. There are instances when I'll get 40-50 each second for a little while and the router will drop all outbound connections. It doesn't reboot but the CPU usage goes 100% on one, maybe two cores, and the other two are fairly high as well. After a few minutes everything returns to business as usual. Not sure if this would be classified as a DoS attack, but that would fit my understanding of the situation. The last attack about an hour ago came from what looks like an ISP in Bergen NJ.

I think the good news is that the Skynet firewall is blocking said traffic, but dropping my connection is a major PITA. What are my options here? More importantly, how unsafe it this?

Here's a snip, as I said, there were about 50 per second for a few minutes.

May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=64272 PROTO=TCP SPT=32766 DPT=30510 SEQ=2942035713 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12606 PROTO=TCP SPT=32766 DPT=10296 SEQ=1446933049 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=46488 PROTO=TCP SPT=32766 DPT=56223 SEQ=2225931576 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=13577 PROTO=TCP SPT=32766 DPT=63242 SEQ=962373948 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=15348 PROTO=TCP SPT=32766 DPT=64513 SEQ=4141460682 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=38554 PROTO=TCP SPT=32766 DPT=32254 SEQ=2908782683 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42700 PROTO=TCP SPT=32766 DPT=6947 SEQ=2489112272 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=23675 PROTO=TCP SPT=32766 DPT=14053 SEQ=2013528481 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=23898 PROTO=TCP SPT=32766 DPT=55447 SEQ=86568690 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=38067 PROTO=TCP SPT=32766 DPT=31639 SEQ=3108078619 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=30385 PROTO=TCP SPT=32766 DPT=47731 SEQ=2241243133 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62681 PROTO=TCP SPT=32766 DPT=35442 SEQ=4115338644 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48080 PROTO=TCP SPT=32766 DPT=24375 SEQ=3180826584 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=59026 PROTO=TCP SPT=32766 DPT=64621 SEQ=98333120 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33585 PROTO=TCP SPT=32766 DPT=7261 SEQ=731313235 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=60776 PROTO=TCP SPT=32766 DPT=58273 SEQ=925984246 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=50241 PROTO=TCP SPT=32766 DPT=23969 SEQ=4017484511 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54614 PROTO=TCP SPT=32766 DPT=58161 SEQ=2516147544 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=28433 PROTO=TCP SPT=32766 DPT=58337 SEQ=583526351 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=43207 PROTO=TCP SPT=32766 DPT=181 SEQ=749454157 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=51190 PROTO=TCP SPT=32766 DPT=48101 SEQ=1783371564 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25791 PROTO=TCP SPT=32766 DPT=31834 SEQ=163017690 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:19 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=37537 PROTO=TCP SPT=32766 DPT=59406 SEQ=1038553488 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=44446 PROTO=TCP SPT=32766 DPT=565 SEQ=1270400148 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=23755 PROTO=TCP SPT=32766 DPT=1440 SEQ=3753914964 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=26843 PROTO=TCP SPT=32766 DPT=35415 SEQ=3762784691 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
May 25 12:26:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ:ZZ SRC=64.227.14.214 DST=XX:XX:XX:XX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33210 PROTO=TCP SPT=32766 DPT=19796 SEQ=2323556305 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
 
And if you don’t have any open ports on the WAN, Skynet inbound blocking is really unnecessary IMO and can just create false anxiety because the regular firewall would have blocked those incoming connection attempts anyway. But it would have done it silently.
 
Do you think removing Skynet from the picture would prevent the router from overloading and dropping connections? I guess it's pretty easy to find out... I don't care about the log files but having my office VPN drop every few hours as the router goes into convulsions is annoying at best.
 
You must log in or register to reply here.

Similar threads

T
Solved RT-BE92U connections in AIMesh nodes intermittently dropped (Caused by FW 3.0.0.6 not compatible with FW 3.0.0.4 routers))
Replies
9
Views
2K
jksmurf
J
adri
Firewall, Port Forwarding, and DoS Question
Replies
8
Views
2K
ColinTaylor
C
J
Skynet Skynet - Blocked outbounds coming from the router itself?
Replies
12
Views
2K
JuanGF
J
P
Skynet show inbound block on Digital TV Vlan300
Replies
4
Views
1K
poudenes
P
J
AX86U constantly blocking repeated inbound connections
Replies
7
Views
2K
Tech9
Tech9
Similar threads
Thread starter Title Forum Replies Date
mcelicalderon GT-AXE11000 stuck in kernel boot loop after failed Merlin upgrades and factory reset (pureUBI, CFE accessible) Asuswrt-Merlin 4
C kernel: 0000: 13 04 01 ff 0d 58 00 f0 07 00 87 93 03 ff 03 59 & kernel: 0010: 04 20 Asuswrt-Merlin 2
consorts Solved remedy? kernel: update bss - wpa_ie and wpa2_ie is not null Asuswrt-Merlin 0
J Shelly IoT Devices (Switches) Drop off Network with kernel 'not mesh client, can't delete it' messages Asuswrt-Merlin 11
T RT-AX86U - VPN Director Rules are not saving. Logs flooded with kernel: jffs2: Argh. No free space left for GC Asuswrt-Merlin 23
J StrongSwan IPSec (Entware) - Missing kernel crypto modules Asuswrt-Merlin 1
tallytr Router restarts...kernel: brcmboard registered... Asuswrt-Merlin 17
Nas.CloudBusinessPortal What;s going on with my Kernel Asuswrt-Merlin 4
M Blocked MAC address keeps re-appearing Asuswrt-Merlin 5
D Sony Pictures Core Website Blocked Asuswrt-Merlin 9

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,818 (members: 8, guests: 1,810)
Back
Top