Should I be concerned about this? Merlin/Skynet Security


Skeptical.me

Very Senior Member
My home network has mostly had this set up ...

ISP Modem/Router > ASUS RT-AX88U > Devices

I've just put the ISP Router in Bridge mode and set up the OpenVPN Server, and I am using it.

However, I'm concerned about security now the ASUS is directly exposed to the Internet.

I have Skynet installed, but I just received this notification from Little Snitch on my iMac.

Since I am largely inexperienced with security issues, should I be concerned?



 

martinr

Part of the Furniture
Don’t know about the Little Snitch notification, but SSH in to the Asus and

amtm > 2 > 11 and look at Option 8, Secure Mode, you’ll want that Enabled, and that will tell you your Asus router does not have its WebUI or SSH access exposed to the WAN. And check also that your Asus firewall is On.
 

Skeptical.me

Very Senior Member
Don’t know about the Little Snitch notification, but SSH in to the Asus and

amtm > 2 > 11 and look at Option 8, Secure Mode, you’ll want that Enabled, and that will tell you your Asus router does not have its WebUI or SSH access exposed to the WAN. And check also that your Asus firewall is On.

Thank you very much for the reply.

Okay, I've enabled Secure Mode in Skynet. And the Firewall is on with DDoS protection as well. The IPv6 Firewall is also on.

Any suggestions are welcomed. Just want to make sure I'm secure.
 

dave14305

Part of the Furniture
Check that you don’t have any port forwarding rules in the firewall. An outside IP shouldn’t be able to reach your Mac, so maybe you set up a port forward for ssh in the past?
 

Skeptical.me

Very Senior Member
Check that you don’t have any port forwarding rules in the firewall. An outside IP shouldn’t be able to reach your Mac, so maybe you set up a port forward for ssh in the past?
Great, thanks :)

I just checked the "WAN > Virtual Server/ Port Forwarding" and it isn't even enabled.
 

Skeptical.me

Very Senior Member
The Show button in the Little Snitch notification, does that provide any detailed info?
I clicked close before I thought to look (force of habit). I've never seen a notification for SSH like this one. So I got a little worried about it.
 

EmeraldDeer

Very Senior Member
firewall stats search port 22
 

Skeptical.me

Very Senior Member
I would have done the same. Does Little Snitch perhaps have a History or a log that might have retained the info?
I couldn't find any History in preferences or the menu.
 

Skeptical.me

Very Senior Member
He’s provided a Skynet command to search for blocks on port 22 (ssh).
Excellent. I have explored Diversion a lot over the last year or two but I've never really done much with Skynet. Thanks for the info
 

Skeptical.me

Very Senior Member
He’s provided a Skynet command to search for blocks on port 22 (ssh).
Here are the results :)

I also checked the Sharing settings in preferences on my iMac and "Remote Login (SSH)" was enabled. It is no longer.

Code:
First Block Tracked On Port 22;
Feb  4 01:42:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router

50 Most Recent Blocks On Port 22;
Feb  4 01:42:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 11:47:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 11:51:58 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 19:50:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 20:50:26 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:16:55 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:53:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  4 22:57:37 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 05:59:14 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 07:30:35 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 08:01:26 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 08:59:29 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:41 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:45 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
Feb  5 09:39:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=Router
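
An added example, not part of the original thread and not Skynet's own code: a short Python script that reads log lines of this kind and separates inbound port 22 packets the router blocked from any that were forwarded to a LAN host, which is the case the port-forwarding check above is about. The sample lines are constructed; their SRC/DST/DPT fields, the `ACCEPT` prefix and the `br0` LAN interface name are assumptions written in netfilter LOG format, and only `IN=eth0` comes from the output above.

```python
import re
from collections import Counter

# Constructed sample in netfilter LOG format; addresses are documentation
# ranges (RFC 5737 / RFC 1918), not values from the thread.
SAMPLE_LOG = """\
Feb  4 01:42:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40111 DPT=22 SYN
Feb  4 11:47:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=22 SYN
Feb  4 19:50:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=22 SYN
Feb  4 20:50:26 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51001 DPT=23 SYN
Feb  5 09:39:41 kernel: ACCEPT IN=eth0 OUT=br0 SRC=192.0.2.99 DST=192.168.1.20 PROTO=TCP SPT=42000 DPT=22 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def parse_line(line):
    """Return the KEY=value fields of one log line plus a 'blocked' flag."""
    fields = dict(FIELD.findall(line))
    fields["blocked"] = "[BLOCKED" in line
    return fields


def review_port(log_text, port=22, wan_if="eth0"):
    """Split WAN-side hits on `port` into blocked sources and passed packets."""
    blocked = Counter()
    passed = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("DPT") != str(port) or f.get("IN") != wan_if:
            continue
        if f["blocked"]:
            blocked[f.get("SRC", "?")] += 1
        elif f.get("OUT"):
            # A non-empty OUT= means the packet was forwarded toward the LAN,
            # not addressed to the router itself.
            passed.append((f.get("SRC"), f.get("DST")))
    return blocked, passed


if __name__ == "__main__":
    blocked, passed = review_port(SAMPLE_LOG)
    for src, n in blocked.most_common():
        print(f"blocked  {src:15} x{n}")
    for src, dst in passed:
        print(f"PASSED   {src} -> {dst}  (check port forwards / Remote Login)")
```

Lines with an empty `OUT=` were addressed to the router itself; a forwarded packet carries both `IN=` and `OUT=`, so an empty "passed" list is the result you want to see.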
 
