Skynet Skynet - Router Firewall & Security Enhancements

[Ubimo]

I pushed a hotfix, the error message will now show the IP which is causing the issue at the time. Post back accordingly if you see this message again..

I now have manually renewed my public IP/WAN connection 7 times. The message did not reappear.
Thank you!

 

[bluzfanmr1]

I'm not sure that AiProtection is doing anything after enabling it. It shows 0's in each module except for a 15 in the router assessment. It seems very different than Skynet. I feel good about it after reading past posts about it, though, especially after Adamm said Skynet was designed to run with Aiprotection.

I haven't noticed any appreciable decrease in performance. Ram usage is about 90%, same as before, and I still have both components of hardware acceleration, so far.

RT-AC86U 384.16 B3, RT-AC68U aimesh node w/ 384.15, Diversion, uiDivstats, Skynet, Scribe, uiScribe, Conmon, spdMerlin, scMerlin, Nsrum, and now AiProtection.

@JT Strickland
If you click on the following link you should get a malicious site warning and your stats will go up:

http://wrs49.winshipway.com

 

[dave14305]

I'm not sure that AiProtection is doing anything after enabling it. It shows 0's in each module except for a 15 in the router assessment. It seems very different than Skynet. I feel good about it after reading past posts about it, though, especially after Adamm said Skynet was designed to run with Aiprotection.

I haven't noticed any appreciable decrease in performance. Ram usage is about 90%, same as before, and I still have both components of hardware acceleration, so far.

RT-AC86U 384.16 B3, RT-AC68U aimesh node w/ 384.15, Diversion, uiDivstats, Skynet, Scribe, uiScribe, Conmon, spdMerlin, scMerlin, Nsrum, and now AiProtection.

Skynet will generally block things before AiProtection gets a chance to.

 

[JT Strickland]

Skynet will generally block things before AiProtection gets a chance to.

I was hoping that was the case.
However, there seems to be some other things going on. I waited about ten minutes for the lock to go away and it didn't. Do I need to "Import Aiprotect data"? or something? It seems backwards to me to "ban Aiprotect", but that's the way it said it was yesterday. Today I couldn't find it after I updated the last minimal script.
If anyone can point me in the right direction, I will appreciate it. BTW, i took out my client data with local ip's and mac addresses. I didn't know if it was ok to post them in a public forum or not. I have before, but wasn't sure. I will provide them if needed. Or whatever else.
jts

jtstrickland@RT-AC86U-8F38:/tmp/home/root# sh /jffs/scripts/firewall debug info
#############################################################################################################
#                                                                                                           #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗                #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║                #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝                #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝                 #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║                  #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝                  #
#                                                                                                           #
#                                 Router Firewall And Security Enhancements                                 #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                             #
#                                            04/04/2020 - v7.1.5                                            #
#############################################################################################################


=============================================================================================================


Router Model; RT-AC86U
Skynet Version; v7.1.5 (04/04/2020) (569d0a487be92794908fed15b07473ba)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (xxx.xxx.xxx.x.xxx)
FW Version; 384.16_beta3 (Mar 31 2020) (4.1.27)
Install Dir; /tmp/mnt/sda1/skynet (11.2G / 14.1G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
Syslog Location; (/opt/var/log/skynet-0.log) (/tmp/syslog.log-1)
Uptime; 0 days, 1 hours, 44 minutes.
Ram Available; (84M / 430M)

[*] Lock File Detected (start skynetloc=/tmp/mnt/sda1/skynet) (pid=31418)
[*] Locked Processes Generally Take A Few Minutes To Complete And May Result In Temporarily "Failed" Tests

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

LOCAL CLIENTS AND MAC ADDRESSES TAKEN OUT

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
Service-Event Entry                 | [Passed]
SWAP File                           | [Passed]
Cron Jobs                           | [Passed]
NTP Sync                            | [Passed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
IPSets                              | [Passed]
IPTables Rules                      | [Failed]
Local WebUI Files                   | [Passed]
Mounted WebUI Files                 | [Failed]
MenuTree.js Entry                   | [Failed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Enabled]
Malware List Auto-Updates           | [Enabled]
Logging                             | [Enabled]
Filter Traffic                      | [Enabled]
Unban PrivateIP                     | [Enabled]
Log Invalid Packets                 | [Disabled]
Import AiProtect Data               | [Enabled]
Secure Mode                         | [Enabled]
Fast Switch List                    | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Enabled]
CDN Whitelisting                    | [Enabled]
Display WebUI                       | [Enabled]

13/16 Tests Sucessful

[*] Rule Integrity Violation - [ #6 #7 #8 #16 #17 #18 ]

[*] Mounted File Missing - [ chart.js chartjs-plugin-zoom.js hammerjs.js skynet.asp stats.js ]


=============================================================================================================


[#] 183417 IPs (+0) -- 1717 Ranges Banned (+0) ||  Inbound --  Outbound Connections Blocked! [debug] [2s]

 

[Adamm]

Do I need to "Import Aiprotect data"? or something? It seems backwards to me to "ban Aiprotect", but that's the way it said it was yesterday. Today I couldn't find it after I updated the last minimal script.

I renamed the option in the settings menu's to "Import AiProtect Data" so the functionality is more clear.

However, there seems to be some other things going on. I waited about ten minutes for the lock to go away and it didn't.

Give it some more time and it should fix its-self, its probably due to ipapi rate limiting people randomly again, I have a new provider I will most likely switch to in future.

 

[JT Strickland]

@JT Strickland
If you click on the following link you should get a malicious site warning and your stats will go up:

http://wrs49.winshipway.com

Yep, that did it, I saw Aiprotect at work. Thanks.

 

[JT Strickland]

I renamed the option in the settings menu's to "Import AiProtect Data" so the functionality is more clear.




Give it some more time and it should fix its-self, its probably due to ipapi rate limiting people randomly again, I have a new provider I will most likely switch to in future.

Thanks, I really appreciate it.

 

[m3a1]

No adverse effects, I've happily run both for years now without any downside. Don't believe the hype surrounding "privacy concerns"

Isnt Aiprotection sending you data to Trend Micro ? How talkative are those asus routers, do they phone home ? Thanks.

 

[Adamm]

Isnt Aiprotection sending you data to Trend Micro ? How talkative are those asus routers, do they phone home ? Thanks.

The subject has been beaten to death on these forums. A quick search will find the long drawn out topics. If you are so worried about them "sending your data" you should also quit using your current AV, stop using windows/apple/android devices and unplug from the internet.

 

[L&LD]

Not to mention actively staying indoors, sitting wearing an oversized dark hoodie, long pants, and large sunglasses with your hands within the sleeves.

With your shades drawn and your windows painted black too, just in case.

 

[^Tripper^]

Not to mention actively staying indoors, sitting wearing an oversized dark hoodie, long pants, and large sunglasses with your hands within the sleeves.

With your shades drawn and your windows painted black too, just in case.

You just described my Mondays.

 

[L&LD]

@^Tripper^ and you just made my day.

 

[Butterfly Bones]

Not to mention actively staying indoors, sitting wearing an oversized dark hoodie, long pants, and large sunglasses with your hands within the sleeves.

With your shades drawn and your windows painted black too, just in case.

No chance on that, "social (physical) distance, yes - shelter at home, yes - but I am a West Coast sunshine kid for my many decades. I can still find I isolated places to sit outside in the fresh air and read my books or iPad. Sometimes in the sun, sometimes in the shade. "Don't fence me in."

 

[dave14305]

You just described my Mondays.

Bravo if you can still differentiate days of the week amidst the sheltering, but that’s really an issue for the OT thread...

 

[L&LD]

@Butterfly Bones, I'm with you. Sunshine and no fences for a month of Sunday's is not enough, I need more!

But yes, please let us keep our social distance when we pass each other on a random path.

 

[JT Strickland]

Isnt Aiprotection sending you data to Trend Micro ? How talkative are those asus routers, do they phone home ? Thanks.

They aren't nearly as bad as Microsoft, and a whole host of others. If I was going to quit a software, they would be at the top of the list.

 

[RMerlin]

I wouldn't get your hopes up, there are still a lot of limitations with WSL compared to a regular Linux distro.

WSL2 still cannot run 32-bit binaries, preventing the Broadcom toolchain from working.

 

[glenn g]

quick question, i love Skynet by the way.

It gives me the list of unique connections blocked outbound--but how do I get the source IP? i want to see which PC is the problem...

 

[Wisiwyg]

Ditto...

 

[Adamm]

It gives me the list of unique connections blocked outbound--but how do I get the source IP? i want to see which PC is the problem...

For a generalized overview you can use the stats command;

sh /jffs/scripts/firewall stats

For an individual search, use the following command;

sh /jffs/scripts/firewall stats search ip xxx.xxx.xxx.xxx

Where the individual computer will be the SRC address in these logs.