What's new

Skynet Quad 9 being blocked by Skynet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

BreakingDad

Very Senior Member
Just an observation, quad 9 is suddenly blocked by skynet.

Anyone else got this?

I whitelisted it. Fixed

Don't really understand why DNS servers suddenly get blocked.
 
This is the danger of publicly updated blocklists, occasionally stuff is blacklisted by not so nice actors, or genuine mistakes.
 
I did not experience this. If you are so inclined, identify which list the ban came from.
Code:
firewall stats search manualbans
firewall stats search {IP address}
 
I did not experience this. If you are so inclined, identify which list the ban came from.
Code:
firewall stats search manualbans
firewall stats search {IP address}
Unfortunately I have re installed skynet since this happened and no longer have that info. It now seems to have been globally whitelisted however
 
I would try to track down which blacklist is blocking it. @Bill Woodcock might be interested to know.
 
Code:
firewall banmalware exclude firehol_level3.netset
 
Say I want to exclude this list. Do I have to rerun this command again after reboot?
No, this setting will persist for the life of the Skynet installation. I can't find the external forum post, but firehol_level3 has been described as appropriate for a development environment but not a production environment.
 
No, this setting will persist for the life of the Skynet installation. I can't find the external forum post, but firehol_level3 has been described as appropriate for a development environment but not a production environment.
Is level 2 stricter or more lax than level 3? Skynet uses level 2 as well. Or do they pull from completely different bases and aren't built on one another?
 
Is level 2 stricter or more lax than level 3? Skynet uses level 2 as well. Or do they pull from completely different bases and aren't built on one another?
Level 2 and level3 are roughly the same size with 20% overlap. They are not composed of the same lists.

But it does not matter. The pattern of false positives, obvious ones like localhost or Quad9, have been consistent for years now. I don't think it should be in the default Skynet group.

If someone could find an alternative composed of similar lists minus the false positives, that would be be great.

firehol_level3
 
Screenshot 2021-06-04 212338.jpg


Looks to have been whitelisted now: https://otx.alienvault.com/indicator/ip/9.9.9.9
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top