What's new

Should I be concerned about this? Merlin/Skynet Security

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Skeptical.me

Very Senior Member
My home network has mostly had this set up ...

ISP Modem/Router > ASUS RT-AX88U > Devices

I've just put the ISP Router in Bridge mode and set up the OpenVPN Server, and I am using it.

However, I'm concerned about security now the ASUS is directly exposed to the Internet.

I have Skynet installed but I just received this notification from Little Snitch on my iMac

Since I am largely inexperienced with security issues, should I be concerned?



YuhqgGw.png
 
Don’t know about the Little Snitch notification, but SSH in to the Asus and

amtm > 2 > 11 and look at Option 8, Secure Mode, you’ll want that Enabled, and that will tell you your Asus router does not have its WebUI or SSH access exposed to the WAN. And check also that your Asus firewall is On.
 
Don’t know about the Little Snitch notification, but SSH in to the Asus and

amtm > 2 > 11 and look at Option 8, Secure Mode, you’ll want that Enabled, and that will tell you your Asus router does not have its WebUI or SSH access exposed to the WAN. And check also that your Asus firewall is On.


Thank you very much for the reply.

Okay, I've enabled Secure Mode in Skynet. And the Firewall is on with DDoS protection as well. The IPv6 Firewall is also on.

Any suggestions are welcomed. Just want to make sure I'm secure.
 
Check that you don’t have any port forwarding rules in the firewall. An outside IP shouldn’t be able to reach your Mac, so maybe you setup a port forward for ssh in the past?
 
Check that you don’t have any port forwarding rules in the firewall. An outside IP shouldn’t be able to reach your Mac, so maybe you set up a port forward for ssh in the past?

Great, thanks :)

I just checked the "WAN > Virtual Server/ Port Forwarding" and it isn't even enabled.
 
The Show button in the Little Snitch notification, does that provide any detailed info?

I clicked close before I thought to look (force of habit). I've never seen a notification for SSH like this one. So I got a little worried about it.
 
firewall stats search port 22
 
Last edited:
I would have done the sane. Does Little Snitch perhaps have a History or a log that might have retained the info?

I couldn't find any History in preferences or the menu
 
He’s provided a Skynet command to search for blocks on port 22 (ssh).

Excellent. I have explored Diversion a lot over the last year or two but I've never really done much with Skynet. Thanks for the info
 
He’s provided a Skynet command to search for blocks on port 22 (ssh).

Here are the results :)

I also checked the Sharing settings in preferences on my iMac and "Remote Login (SSH)" was enabled. It is no longer.

Code:
First Block Tracked On Port 22;
Feb  4 01:42:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router

50 Most Recent Blocks On Port 22;
Feb  4 01:42:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 11:47:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 11:51:58 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 19:50:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 20:50:26 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:16:55 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:53:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:57:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 05:59:14 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 07:30:35 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 08:01:26 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 08:59:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:41 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:45 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top