Skynet Skynet - Router Firewall & Security Enhancements

[dave14305]

so you guys think skynet dont helps with gaming ;D ^^ any futher tips for low latency

If science would put as much effort into a vaccine as you put into your latency, this pandemic would have been over weeks ago.

 

[AntonK]

If science would put as much effort into a vaccine as you put into your latency, this pandemic would have been over weeks ago.

Haha!

 

[raion969]

xD haha maybe i am just a gamer who dont like bad hit reg haha xD

 

[Adamm]

Hi, I have been using Skynet for 3 or 4 weeks now and recently I have noticed 2 issues and am look to find out if it Skynet or not.
1. Updates from Google store have been very slow, almost a crawl.
2. Today I am in the middle of downloading a major update from AT&T for the note 9 and it too is exhibiting the same very slow download. The file size is 1012.22mb and after over 2 hours it's only downloaded 36.6mb, 3%.

My note is on my local wifi network and in the past it would take maybe 20-30 minutes to download such a update.

I do realize it may be AT&T but both issues seem very odd to me, since I not seen this behavior until now.

So I am asking is there a connection to Skynet? How can I check it?

Thanks

OK. Does not seem to be Skynet as I rebooted the router, RT-AC5300 and the update finished in a about 2 minutes.

All seems well now.

Thanks

I can say without question your issues were not Skynet related. Skynet either blocks an address or it doesn't, there is no middle ground where it may "slow" a connection. Adding to that assuming logging is enabled, Skynet will always log every connection it blocks, there is never an exception to this rule. So if you don't see anything in your syslog, then the issue isn't Skynet.

 

[raion969]

What i can feel is that my hit registration ingame got worse when i use skynet

 

[Adamm]

What i can feel is that my hit registration ingame got worse when i use skynet

I don’t think feelings are a valid unit of measurement. What I think is actually happening is that you are hypersensitive due to the recent installation of new scripts and your quest for no latency.

 

[CriticJay]

If science would put as much effort into a vaccine as you put into your latency, this pandemic would have been over weeks ago.

LMAO, I was thinking the same thing ... it's ok, I remember when I was younger and played Counterstrike, I may have been similarly obsessed with ping times...

 

[barutchiev]

Hello! I have had skynet for a few days and my logs is flooded with the following entries.

Jul 28 16:55:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=11479 PROTO=TCP SPT=58431 DPT=37201 SEQ=29573227 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:13 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62577 PROTO=TCP SPT=58431 DPT=37511 SEQ=764517147 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=94.102.49.191 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=27258 PROTO=TCP SPT=58859 DPT=3496 SEQ=792828479 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62679 PROTO=TCP SPT=58431 DPT=39571 SEQ=1257870249 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:32 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=183.136.225.45 DST=XX.XXX.XXX.XXX LEN=44 TOS=0x08 PREC=0x20 TTL=108 ID=42540 PROTO=TCP SPT=13688 DPT=1935 SEQ=1960750360 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B4)
Jul 28 16:55:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=211.65.196.105 DST=XX.XXX.XXX.XXX LEN=48 TOS=0x08 PREC=0x20 TTL=98 ID=18813 PROTO=TCP SPT=50581 DPT=22 SEQ=716793717 ACK=1629916811 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jul 28 16:55:49 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=192.35.169.38 DST=XX.XXX.XXX.XXX LEN=44 TOS=0x08 PREC=0x40 TTL=31 ID=23350 PROTO=TCP SPT=48333 DPT=8883 SEQ=3523205794 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4)
Jul 28 16:55:54 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=202.154.180.51 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=12690 PROTO=TCP SPT=54029 DPT=12929 SEQ=479723262 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

Is there a way to reduce them, because there is no way to track any problems in the huge log

 

[CriticJay]

Hello! I have had skynet for a few days and my logs is flooded with the following entries.

Jul 28 16:55:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=11479 PROTO=TCP SPT=58431 DPT=37201 SEQ=29573227 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:13 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62577 PROTO=TCP SPT=58431 DPT=37511 SEQ=764517147 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=94.102.49.191 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=27258 PROTO=TCP SPT=58859 DPT=3496 SEQ=792828479 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=45.145.66.33 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62679 PROTO=TCP SPT=58431 DPT=39571 SEQ=1257870249 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 28 16:55:32 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=183.136.225.45 DST=XX.XXX.XXX.XXX LEN=44 TOS=0x08 PREC=0x20 TTL=108 ID=42540 PROTO=TCP SPT=13688 DPT=1935 SEQ=1960750360 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B4)
Jul 28 16:55:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=211.65.196.105 DST=XX.XXX.XXX.XXX LEN=48 TOS=0x08 PREC=0x20 TTL=98 ID=18813 PROTO=TCP SPT=50581 DPT=22 SEQ=716793717 ACK=1629916811 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jul 28 16:55:49 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=192.35.169.38 DST=XX.XXX.XXX.XXX LEN=44 TOS=0x08 PREC=0x40 TTL=31 ID=23350 PROTO=TCP SPT=48333 DPT=8883 SEQ=3523205794 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4)
Jul 28 16:55:54 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:6b:ee:a8:40:d8:55:06:9b:43:08:00 SRC=202.154.180.51 DST=XX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=12690 PROTO=TCP SPT=54029 DPT=12929 SEQ=479723262 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

Is there a way to reduce them, because there is no way to track any problems in the huge log

That's normal and can't be reduced AFAIK. Those log entries are kinda the whole point of Skynet.

 

[barutchiev]

That's normal and can't be reduced AFAIK. Those log entries are kinda the whole point of Skynet.

Тhank you! However, really finding problems in this logs is very difficult.

 

[Smokey613]

You may want to install scribe and uiScribe. It will at least separate the Skynet logs out of the normal syslog entries.

 

[Stevens243]

You may want to install scribe and uiScribe. It will at least separate the Skynet logs out of the normal syslog entries.

Just be careful tho, those might cause high ping times.

/S just in case this is needed here.

 

[Smokey613]

Just be careful tho, those might cause high ping times.

/S just in case this is needed here.

These programs cause no issues on my setup. Not sure how they would affect network latency.

 

[QuikSilver]

These programs cause no issues on my setup. Not sure how they would affect network latency.

the /S was a trigger for sarcasm.

 

[Smokey613]

the /S was a trigger for sarcasm.

LOL, I guess am not current on forum ”notations” as I was unaware of the meaning of /S I have accomplished one of my life‘s goal to learn something everyday.

 

[grifo]

Hi Adam, how would you see adding an option to create a copy of the Skynet's log file before it gets purged? Maybe going back to the last 5 files or so before the oldest one gets purged. As far as I know I can't handle it with logrotate as it would interfere with how Skynet deals with the file but maybe you could from within the script?

Earlier I've been looking into a big bunch of "TCP: time wait bucket table overflow" errors that my router logged two days ago and I wanted to check if there were any hits on the Skynet log at the same time but it doesn't go back far enough as it was purged yesterday.

It could be a worthwhile addition if it's not too much effort.

 

[leon]

May I know is it possible to config IOT device to have access to minidlan? I have a media player that has no business to connect to my internal network, except to access my songs on the USB drive attached to the router.

 

[brec]

New AC86U user -- how would Skynet relate to AiProtection/Trend Micro feature? Would I want that enabled if I used Skynet?

 

[Wisiwyg]

New AC86U user -- how would Skynet relate to AiProtection/Trend Micro feature? Would I want that enabled if I used Skynet?

Welcome!

Its a preference on security and what you're comfortable with. Trend AI routes everything through Trend Micro, so they see everything you do, absolutely everything. Skynet performs a similar service to an extent for firewall security, but its all handled locally. Adding the Suricata app picks up most of the rest of what Trend does for security, locally, but it is more difficult to configure, not really a new user friendly application, yet, there's good people working it.

Highly recommend installing the AMTM script first, then add on from the menu there. Diversion and Skynet highly recommended to start.

 

[brec]

Thanks! I had already installed amtm and #1 on its list of scripts, Diversion. Skynet is #2, so I came here to find out about it. And...
[tappity tap tap tap tappity tap]
Skynet installed!