Skynet Outbound Blocks Question

BreakingDad

Very Senior Member
Should I be concerned about a few outbound blocks, and why are my devices sending out stuff to dodgy sites anyway? Or sites that Skynet considers dodgy.

I regularly get them on the Oculus Quest 2, sometimes on phones and PCs as well, and am wondering if it's a cause of concern or normal?


I am guessing they are tracking apps in games or something.

Please advise.

Thanks Matt
 
If you don’t understand what the traffic is, consider it questionable at best until you do the research on the blocked destination IP. Once you understand your own patterns, you can better evaluate future blocks.
 
wondering if it's a cause of concern or normal?

I wouldn't worry too much. Skynet is using community supported blocklists and they are not error free. My firewall is regularly complaining about IP addresses in South Korea. I didn't find anything wrong there, but someone flagged the IPs. My daughter is a fan of K-pop. I know, tell me about it.
 
Should I be concerned about a few outbound blocks, and why are my devices sending out stuff to dodgy sites anyway? Or sites that Skynet considers dodgy.

In a case like this I try to look up the IP on AlienVault; it'll give you an impression of the reason the outgoing traffic was blocked. You can look up an IP directly by using this URL: https://otx.alienvault.com/indicator/ip/<insert blocked IP here>
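
One way to do the research suggested above, as an added example that is not part of the original thread: tally outbound blocks per device and destination and build the AlienVault lookup URL quoted in the thread. The `[BLOCKED - OUTBOUND]` prefix, the iptables LOG field layout and the sample lines are assumptions constructed for illustration; check them against your own syslog.

```python
import ipaddress
import re
from collections import Counter

OTX_URL = "https://otx.alienvault.com/indicator/ip/{ip}"  # lookup URL quoted in the thread

# Assumed log prefix and iptables LOG field layout; verify against your own syslog.
OUTBOUND = re.compile(
    r"\[BLOCKED - OUTBOUND\].*?\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
    r".*?\bPROTO=(?P<proto>\S+)(?:.*?\bDPT=(?P<dpt>\d+))?"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
May  3 09:14:02 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=40112 DPT=53
May  3 09:14:07 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TTL=63 PROTO=UDP SPT=40113 DPT=53
May  3 09:15:30 router kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=51000 DPT=23
May  3 09:16:11 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.44 LEN=52 PROTO=TCP SPT=50444 DPT=443
May  3 09:17:00 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 PROTO=UDP SPT=40114 DPT=53
"""


def summarize(log_text):
    """Count outbound blocks per (device, destination, protocol, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = OUTBOUND.search(line)
        if not m:
            continue  # inbound blocks and unrelated syslog lines
        try:
            src = str(ipaddress.ip_address(m["src"]))
            dst = str(ipaddress.ip_address(m["dst"]))
        except ValueError:
            continue  # truncated or corrupted line
        hits[(src, dst, m["proto"], m["dpt"])] += 1
    # Most frequent pairs first: repeated hits from one device to one
    # destination are the ones to research before anything else.
    return [
        {"device": src, "dest": dst, "proto": proto, "port": dpt,
         "hits": n, "lookup": OTX_URL.format(ip=dst)}
        for (src, dst, proto, dpt), n in hits.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("{hits:>4}  {device} -> {dest} {proto}/{port}  {lookup}".format(**row))
```

Matching the `device` column against the router's DHCP client list ties each destination to a specific phone, PC or headset, and the port (53 for DNS, 443 for HTTPS) hints at what kind of traffic was blocked.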
 
In a case like this I try to look up the IP on AlienVault
Yes, I do look them up on AlienVault, via the Skynet link. Then I get a list of 50 or so websites in China that point to the offending IP, listing a whole bunch of malware and trojans.

My question is why is a brand new Oculus Quest 2 sending outbound data to these IPs? That or a phone or PC.

I didn't find anything wrong there, but someone flagged the IPs
So they are just flagged IPs because 1 of the 50 websites may have had a trojan on it historically?

I mean, sometimes I get 100 outbound blocks going to the same IP from the same device.
 
My question is why is a brand new Oculus Quest 2 sending outbound data to these IPs? That or a phone or PC.
That's impossible for us to say because we don't have access to your logs or network devices. As Dave said earlier you need to research the IP addresses and link it to your device usage.
 
That's impossible for us to say because we don't have access to your logs or network devices. As Dave said earlier you need to research the IP addresses and link it to your device usage.
I was hoping for more of a general answer "This is normal, it's the software reporting back to the dev" for example
 
I was hoping for more of a general answer "This is normal, it's the software reporting back to the dev" for example
It could definitely be a false positive (or a legit call home) but without the IP-address(es) there's nothing we can say for sure.
 
I found this morning that OneNote is blocked (specifically onedrive.live.com etc.) using the default blocklist. This is a nuisance and I'm actually debating turning off outbound blocking; I don't need to start the day troubleshooting connectivity when working remotely.
 
@BreakingDad, the more stuff you see, the more you freak out, the more you want to block, and things go downhill really fast. If I show you what a Suricata log with default rules looks like (pfSense), you'll turn that Internet gadget off immediately, run outside and take down the ISP cable to your house.
 
@BreakingDad, the more stuff you see, the more you freak out, the more you want to block, and things go downhill really fast. If I show you what a Suricata log with default rules looks like (pfSense), you'll turn that Internet gadget off immediately, run outside and take down the ISP cable to your house.
Yeah, I know, probably nothing. It looks like it may be a DNS server, but why is a device in the UK, none of which use a Chinese DNS, sending an outbound connection to a Chinese DNS server? I am beginning to suspect it may be TikTok doing it, as the Oculus has not been on and it still showed a few hits today.
 
I can't answer this question. Some people buy numerous shady IoT devices for absolutely no reason IMHO and their home is more connected to China, than to their own home country. I turn on my lights using my hands, my camera system is built by me and records locally, my door bell is connected by two wires to the ding-dong thingy. I have no issues with servers in China.
 
