Skynet Skynet - Router Firewall & Security Enhancements

[Ubimo]

Feedback would be appreciated if you previously experienced these fork errors. @Therion87 @Ubimo

Thanks a lot, I cannot reproduce the error anymore. You are great!

 

[dave14305]

Don't know why it would be enabled then, the only instance in the source code that enables that applet is if the router is compiled with DSL_TCLINUX (i.e. for DSL modem/routers).

Has @Adamm compiled his own firmware, maybe missing a piece of @RMerlin's secret sauce? I noted the AEST timezone in the BusyBox compile time.

skynet@RT-AX88U-DC28:/usr/sbin# split --help BusyBox v1.25.1 (2019-10-10 16:59:57 AEST) multi-call binary.

 

[thelonelycoder]

(...) With that being said, I was finally able to reproduce the issue consistently by generating a large shared-*-whitelist file, it appears once these files have a combined total of 200-300 lines the firmware can't handle the load of parallel processing. To mitigate this, if Skynet detects a combined list size of over 150 entries it will process the contents in batches and wait until everything has completed before moving on. If your list size is under this limit you should notice no difference and see slightly faster results due to the Domain_Lookup optimizations.

Diversion has a max line count of 3000 for hosted lists (whitelist, blacklist, wildcard-blacklist). This number is high and I only added the check to make sure users are not abusing that otherwise helpful function. I might lower it in the next release.

 

[krgck]

I've been running skynet for a week and i get easily 2000 hits from inbound daily basis. I think thats kinda lot?

 

[cmkelley]

Don't know why it would be enabled then, the only instance in the source code that enables that applet is if the router is compiled with DSL_TCLINUX (i.e. for DSL modem/routers).

Can confirm difference in HND vs. non-HND. AC86U w/Merlin 384.13 downloaded from sourceforge, not complied (like I would have a clue how to do that anyways!) has /usr/bin/split. AC3200 w/Merlin 384.13 also downloaded, not compiled, does not have /usr/bin/split or split anywhere else.

Things that make you say "Hrmmmmmmmmmm"

 

[dave14305]

I've temporarily removed coinbl_hosts_browser.ipset until they remove the false positives before this turns into a bigger headache

Are we ready to live dangerously again? The list seems clean again.

 

[RMerlin]

Can confirm difference in HND vs. non-HND. AC86U w/Merlin 384.13 downloaded from sourceforge, not complied (like I would have a clue how to do that anyways!) has /usr/bin/split. AC3200 w/Merlin 384.13 also downloaded, not compiled, does not have /usr/bin/split or split anywhere else.

Things that make you say "Hrmmmmmmmmmm"

Found it. The build process is indeed adding it for HND, in a different location. Asus must have added it for some specific reason.

 

[Adamm]

I've been running skynet for a week and i get easily 2000 hits from inbound daily basis. I think thats kinda lot?

Only 2000? I've had almost 7000 in the last 24 hours

In any case that's completely normal and just part of today's "internet background noise"

skynet@RT-AX88U-DC28:/tmp/home/root# sh /jffs/scripts/firewall stats
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 14/10/2019 -           Asus Firewall Addition By Adamm v6.9.0                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/USB/skynet/skynet.log - 1.6M
[i] Monitoring From Oct 15 04:16:19 To Oct 16 13:33:02
[i] 6884 Block Events Detected
[i] 1512 Unique IPs

Are we ready to live dangerously again? The list seems clean again.

I'll monitor it for a-little while longer, considering how many thousand people use Skynet the situation could have been a lot worse had we not identified it early and had some nvram values pre-whitelisted.

 

[iManuB]

sh /jffs/scripts/firewall stats
################################################################################
#                                _____ _                     _             __  #
#                               / ____| |                   | |           / /  #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_  #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |#
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/ #
#                                            __/ |                             #
#                                           |___/                              #
#                                                                              #
## - 14/10/2019 -                  Asus Firewall Addition By Adamm v6.9.0      #
##                                 https://github.com/Adamm00/IPSet_ASUS       #
################################################################################


================================================================================


[i] Logging Data Detected in /tmp/mnt/Skynet/skynet/skynet.log - 7.9M
[i] Monitoring From Oct 10 08:00:02 To Oct 16 07:03:50
[i] 34428 Block Events Detected
[i] 3805 Unique IPs
[i] 0 Manual Bans Issued

Thanks so much for this awesome script, @Adamm
34428 in only 6 days! Absolutely amazing!

 

[gattaca]

^^^ What should scare you is all the folks who have standard routers trying to fend off this stuff.. which are 90% never updated... Firmware.. WTH is firmware? LOL (sadly).

 

[#TY]

Curious: Was the name for this great firewall, SkyNet, inspired from "The Terminator" ?

 

[skeal]

Curious: Was the name for this great firewall, SkyNet, inspired from "The Terminator" ?

Absolutely!

 

[#TY]

Absolutely!

Absolutely love it! Well done!

 

[Adamm]

Curious: Was the name for this great firewall, SkyNet, inspired from "The Terminator" ?

Skynet gained self-awareness after it had spread into millions of computer servers all across the world; realizing the extent of its abilities, its creators tried to deactivate it. In the interest of self-preservation, Skynet concluded that all of humanity would attempt to destroy it and impede its capability in safeguarding the world. Its operations are almost exclusively performed by servers, mobile devices, drones, military satellites, war-machines, androids and cyborgs (usually a terminator), and other computer systems. As a programming directive, Skynet's manifestation is that of an overarching, global, artificial intelligence hierarchy (AI takeover), which seeks to exterminate the human race in order to fulfill the mandates of its original coding. (▀̿Ĺ̯▀̿ ̿)

 

[Blacklistedcard]

sh /jffs/scripts/firewall stats
################################################################################
#                                _____ _                     _             __  #
#                               / ____| |                   | |           / /  #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_  #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |#
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/ #
#                                            __/ |                             #
#                                           |___/                              #
#                                                                              #
## - 14/10/2019 -                  Asus Firewall Addition By Adamm v6.9.0      #
##                                 https://github.com/Adamm00/IPSet_ASUS       #
################################################################################


================================================================================


[i] Logging Data Detected in /tmp/mnt/Skynet/skynet/skynet.log - 7.9M
[i] Monitoring From Oct 10 08:00:02 To Oct 16 07:03:50
[i] 34428 Block Events Detected
[i] 3805 Unique IPs
[i] 0 Manual Bans Issued

Thanks so much for this awesome script, @Adamm
34428 in only 6 days! Absolutely amazing!

That's it... I get around 80,000 to 100,000 a day....

 

[keef]

Hello. I am trying out OpenVPN and I'm wondering if there is a way to test if Skynet if not just running but working as well as it normally does.

thanks, Bj

 

[Makaveli]

Hello. I am trying out OpenVPN and I'm wondering if there is a way to test if Skynet if not just running but working as well as it normally does.

thanks, Bj

Do you have OpenVPN running for all devices or policy based routing to a certain device?

 

[martinr]

Hello. I am trying out OpenVPN and I'm wondering if there is a way to test if Skynet if not just running but working as well as it normally does.

thanks, Bj

One thought: do you have any banned countries? If so, you could try to connect to a domain there. If not, temporarily ban, say, ru, and then try to connect to kaspersky etc.

 

[Adamm]

Hello. I am trying out OpenVPN and I'm wondering if there is a way to test if Skynet if not just running but working as well as it normally does.

thanks, Bj

If you are using the GUI then yes, Skynet will continue to filter your connections while enjoying the privacy of a VPN. As noted above you can verify this by banning a domain or IP and testing yourself.

 

[keef]

If you are using the GUI then yes, Skynet will continue to filter your connections while enjoying the privacy of a VPN. As noted above you can verify this by banning a domain or IP and testing yourself.

Thanks, great idea! I'm happy to report it is working fine, just sitting there in the background quietly working away.

-keef