Skynet Outbound Blocks Question


BreakingDad

Senior Member
Should I be concerned about a few outbound blocks, and why are my devices sending out stuff to dodgy sites anyway? Or sites that Skynet considers dodgy.

I regularly get them on the Oculus Quest 2, sometimes on phones and PCs as well, and wondering if it's a cause of concern or normal?


I am guessing they are tracking apps in games or something.

Please advise.

Thanks Matt
 

dave14305

Part of the Furniture
If you don’t understand what the traffic is, consider it questionable at best until you do the research on the blocked destination IP. Once you understand your own patterns, you can better evaluate future blocks.
 

Tech9

Very Senior Member
wondering if it's a cause of concern or normal?

I wouldn't worry too much. Skynet is using community supported blocklists and they are not error free. My firewall is regularly complaining about IP addresses in South Korea. I didn't find anything wrong there, but someone flagged the IPs. My daughter is a fan of K-pop. I know, tell me about it.
 

Hazel

Regular Contributor
Should I be concerned about a few outbound blocks, and why are my devices sending out stuff to dodgy sites anyway? Or sites that Skynet considers dodgy.

In a case like this I try to look up the IP on AlienVault; it'll give you an impression of the reason the outgoing traffic was blocked. You can look up an IP directly by using this URL: https://otx.alienvault.com/indicator/ip/<insert blocked IP here>
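
Added example, not part of the original posts and not Skynet's own code: a shell helper that groups outbound block log lines by LAN device and destination and prints the AlienVault OTX lookup URL mentioned above for each destination, so repeated hits from one device to one IP stand out. It assumes the blocks appear in the kernel log with a `[BLOCKED - OUTBOUND]` prefix in the usual iptables LOG field layout; the function names and the sample lines (documentation-range IPs) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: outbound blocks are logged with the prefix
# "[BLOCKED - OUTBOUND]" followed by iptables LOG fields (SRC= DST= PROTO= DPT=).

# Constructed sample log lines; destination IPs are documentation ranges.
sample_log() {
cat <<'EOF'
May  3 09:14:01 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=40112 DPT=53
May  3 09:14:02 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=40113 DPT=53
May  3 09:14:09 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=40120 DPT=53
May  3 09:15:30 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.20 LEN=52 TTL=63 PROTO=TCP SPT=51844 DPT=443
May  3 09:16:02 router kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=40 TTL=241 PROTO=TCP SPT=44321 DPT=23
EOF
}

# Read log lines on stdin; print "hits src dst proto/port otx-url",
# busiest (device, destination, service) combination first.
summarize_outbound() {
    awk '
    /\[BLOCKED - OUTBOUND\]/ {
        src = dst = proto = dpt = "-"      # "-" marks a field absent from the line
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        hits[src " " dst " " proto "/" dpt]++
    }
    END {
        for (k in hits) {
            split(k, f, " ")               # f[2] is the blocked destination IP
            printf "%d %s https://otx.alienvault.com/indicator/ip/%s\n", hits[k], k, f[2]
        }
    }' | sort -rn
}

# Stand-alone demo on the constructed sample.
sample_log | summarize_outbound
```

To use it on real data, replace `sample_log` with the router's own log file on stdin; the source address column then tells you which device to match against what was in use at that time.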
 

BreakingDad

Senior Member
In a case like this I try to look up the IP on AlienVault
Yes, I do look them up on AlienVault, via the Skynet link. Then I get a list of 50 or so websites in China that point to the offending IP, listing a whole bunch of malware and trojans.

My question is why is a brand new Oculus Quest 2 sending outbound data to these IPs. That or a phone or PC.

I didn't find anything wrong there, but someone flagged the IPs
So they are just flagged IPs because 1 of the 50 websites may have had a trojan on it historically?

I mean sometimes I get 100 outbound blocks going to the same IP from the same device.
 

ColinTaylor

Part of the Furniture
My question is why is a brand new Oculus Quest 2 sending outbound data to these IPs. That or a phone or PC.
That's impossible for us to say because we don't have access to your logs or network devices. As Dave said earlier, you need to research the IP addresses and link them to your device usage.
 

BreakingDad

Senior Member
That's impossible for us to say because we don't have access to your logs or network devices. As Dave said earlier, you need to research the IP addresses and link them to your device usage.
I was hoping for more of a general answer, "This is normal, it's the software reporting back to the dev", for example.
 

Hazel

Regular Contributor
I was hoping for more of a general answer, "This is normal, it's the software reporting back to the dev", for example.
It could definitely be a false positive (or a legit call home) but without the IP-address(es) there's nothing we can say for sure.
 

cptnoblivious

Regular Contributor
I found this morning that OneNote is blocked (specifically onedrive.live.com etc.) using the default blocklist. This is a nuisance and I'm actually debating turning off outbound blocking; I don't need to start the day troubleshooting connectivity when working remotely.
 

Tech9

Very Senior Member
@BreakingDad, the more stuff you see, the more you freak out, the more you want to block and the things go downhill really fast. If I show you what Suricata log with default rules looks like (pfSense), you'll turn that Internet gadget off immediately, run outside and take down the ISP cable to your house.
 

BreakingDad

Senior Member
@BreakingDad, the more stuff you see, the more you freak out, the more you want to block and the things go downhill really fast. If I show you what Suricata log with default rules looks like (pfSense), you'll turn that Internet gadget off immediately, run outside and take down the ISP cable to your house.
Yeah, I know, probably nothing. It looks like it may be a DNS server, but why is a device in the UK, none of which use a Chinese DNS, sending an outbound connection to a Chinese DNS server? I am beginning to suspect it may be TikTok doing it, as the Oculus has not been on and it still showed a few hits today.
 

Tech9

Very Senior Member
I can't answer this question. Some people buy numerous shady IoT devices for absolutely no reason IMHO and their home is more connected to China, than to their own home country. I turn on my lights using my hands, my camera system is built by me and records locally, my door bell is connected by two wires to the ding-dong thingy. I have no issues with servers in China.
 
