
Skynet - Asus Firewall Addition (Dynamic Malware/Country/Manual IP Blocking)

Discussion in 'Asuswrt-Merlin' started by Adamm, Apr 16, 2014.

  1. TheOldMan

    TheOldMan Regular Contributor

    Joined:
    Jan 24, 2013
    Messages:
    122
    Location:
    USA
    Just curious, why are there so many alienvault and speedtest blocks? Speedtest scans ports and is blocked? Alienvault bans bad ips?
     
    MartinDEE likes this.
  3. yk101

    yk101 Senior Member

    Joined:
    Apr 14, 2017
    Messages:
    209
    I think you are referring to the URLs shown in the report. Those are not the addresses being blocked! The IP at the end of the URL is what is being actually blocked.
     
  4. dugaduga

    dugaduga Occasional Visitor

    Joined:
    May 12, 2018
    Messages:
    21
    @Adamm, have you seen IP void? http://www.ipvoid.com/scan/93.184.220.29/ It's far better than alienvault; alienvault results are listed as one of dozens, though unfortunately it does require a captcha. Would be nice if something like this was integrated into your firewall!
     
  5. Yousif Kelaita

    Yousif Kelaita New Around Here

    Joined:
    Jul 3, 2018
    Messages:
    2
    I am getting the following:

    upload_2018-7-2_22-11-28.png

    And it does not go away after 20-60 seconds. Any troubleshooting I can do?
     
  6. Patrick Walden

    Patrick Walden New Around Here

    Joined:
    Jan 12, 2018
    Messages:
    3
    On my Netgear R7000, it takes around 2-3 minutes. My list is huge and the router is getting older every day... so long as it eventually returns to normal (no lock file messages), you are fine. I've put Skynet on a few clients' routers that were Asus brand and the time it took was always variable. Best of luck and enjoy all the awesome features. Adamm is the man.

    PS - @Adamm if you see this or anyone else who might know the answer, is there a BTC address for donations? I also have 20 some dollars of ethereum in an account which doesn't meet the minimum to transfer to my bank, I'd gladly send that your way too :)
     
  7. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    People... you really taking a stopwatch to time it and reload immediately?
    Depending on your router and size of list.
    Mine took 130 sec.
    Just wait for 3 min then reload. Patience.

    Maybe @Adamm needs to change the text to 2 min or even 3 min to reduce unnecessary posts regarding this issue. Already seen a lot of posts on this.
     
    Adamm likes this.
  8. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,503
    Looks decent, will have to do some comparisons at some point.

    If it's still there after 5 minutes then let me know, otherwise it's working as expected. (Make sure you are not doing something like restarting Skynet which will cause the output you are seeing)

    Just Paypal unfortunately, never really dabbled in crypto. Thanks for the support anyway.
     
    Wisiwyg likes this.
  9. Yousif Kelaita

    Yousif Kelaita New Around Here

    Joined:
    Jul 3, 2018
    Messages:
    2
    It persisted for a few hours until I rebooted the router and it returned to normal. But while it was in that state it was not running. I can wait for it to happen again, let me know if there's any debugging info that would be useful to you.
     
  10. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    Question @Adamm
    I do a whitelist domain using the command. The whitelist is saved and the site is working. However, when I check the whitelist in /jffs, it seems like it is not added in. Why? I think a few versions back, the save was OK.
    I did some whitelisting yesterday and I saw it is in the /jffs/shared-Skynet2-whitelist
    Why is it not consistent? Does it need any other command to push the changes into /shared-Skynet2-whitelist?

    Edit: I think I got the shared-skynet2-whitelist update using the whitelist refresh. However, I'd like to ask why the update wasn't immediate after I added the whitelist domain using the command or GUI.
     
    Last edited: Jul 4, 2018
  11. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,503
    The list is only currently refreshed during banmalware, whitelist refresh and startup. I'll look and see if the change fits.
     
  12. DonnyJohnny

    DonnyJohnny Senior Member

    Joined:
    Dec 17, 2017
    Messages:
    477
    You mean the banmalware update? For most users that is a once-every-24-hr update. In the event the router is restarted within the 24 hr, the whitelist will not be saved?

    The refresh during startup, how/where would it update the list from? Wasn't it cleared due to the router restart?
     
  13. thelonelycoder

    thelonelycoder Part of the Furniture

    Joined:
    Jan 23, 2014
    Messages:
    4,176
    Location:
    Switzerland
    And this thread now has over two hundred thousand views.
    Congrats @Adamm !
    Keep up the good work.
     
  14. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,462
    Wow!! Nice one @Adamm ! ;)
     
    Adamm likes this.
  15. johnathonm

    johnathonm Regular Contributor

    Joined:
    Aug 1, 2014
    Messages:
    92
    Hi Adam,

    I hope you are well. I am encountering what might be a bug when running various updates or processes through Skynet. Below is an example of what happens when updating the malware sets:

    Router Model; RT-AC86U
    Skynet Version; v6.2.7 (01/07/2018)
    iptables v1.4.15 - (eth0 @ 192.168.1.1)
    ipset v6.32, protocol version: 6
    FW Version; 384.6_alpha2-g5b076fc87 (Jun 30 2018) (4.1.27)
    Install Dir; /tmp/mnt/sda1/skynet (50.9G / 56.0G Space Available)
    SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)
    Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/sda1/skynet
    Banned Countries; cn ru sc ua ee ls nl gr ba bg hr cz ge hu kg lv lt mc kp ro sk vn uz lk

    112206 IPs / 28013 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 2 Inbound / 0 Outbound Connections Blocked!

    Select Menu Option:
    [1] --> Unban
    [2] --> Ban
    [3] --> Banmalware
    [4] --> Whitelist
    [5] --> Import IP List
    [6] --> Deport IP List
    [7] --> Save
    [8] --> Restart Skynet
    [9] --> Temporarily Disable Skynet
    [10] --> Update Skynet
    [11] --> Debug Options
    [12] --> Stats
    [13] --> Install Skynet / Change Boot Options
    [14] --> Uninstall

    [r] --> Reload Menu
    [e] --> Exit Menu

    [1-14]: 3

    Select Option:
    [1] --> Update
    [2] --> Change Filter List
    [3] --> Reset Filter List
    [4] --> Exclude Individual Lists
    [5] --> Reset Exclusion List

    [1-5]: 1

    firewall banmalware

    Downloading filter.list [0s]
    Refreshing Whitelists [1s]
    Consolidating Blacklist [4s]
    Saving Changes [2s]
    Removing Previous Malware Bans [7s]
    Filtering IPv4 Addresses [2s]
    Filtering IPv4 Ranges [0s]
    Applying Blacklists [2s]

    For False Positive Website Bans Use; ( sh firewall whitelist domain URL )

    Skynet: [Complete] 109254 IPs / 27987 Ranges Banned. -2952 New IPs / -26 New Ranges Banned. 5 Inbound / 0 Outbound Connections Blocked! [banmalware] [18s]



    Press Enter To Continue...
    firewall: exec: line 3239: firewall: not found

    I am getting the error whenever I do anything manually. The changes apply but it is kicking me out of skynet on most occasions.

    I am not sure what the issue is here.

    Thanks,

    J
     
  16. Mutzli

    Mutzli Regular Contributor

    Joined:
    Dec 22, 2014
    Messages:
    53
    Most likely a USB drive issue. It looks like some parts of the script are not executed correctly. You might have a bad sector or corrupt data on your USB drive.
     
    Twiglets likes this.
  17. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,503
    Unfortunately I can't reproduce this after about 20 attempts. If you can reproduce this consistently we can debug further. Give the router a reboot first to help rule out other potential causes.
     
  18. johnathonm

    johnathonm Regular Contributor

    Joined:
    Aug 1, 2014
    Messages:
    92
    Hi Mutzli,

    I am not as familiar with Linux and checking filesystems. My USB drive is formatted as EXT4 and is mounted on /mnt/sda1 - if you, or anyone, could offer guidance on running a scan I'd appreciate it.

    Thank you,

    J
     
  19. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,503
    I don't think an e2fsck will resolve the issue. As I stated earlier, please try a reboot, then reproduce the issue and we can work from there.
     
  20. Adamm

    Adamm Very Senior Member

    Joined:
    Mar 26, 2013
    Messages:
    1,503
    I've pushed v6.3.0.

    Mostly under-the-hood changes removing legacy code to polish up Skynet in its current stable state. In doing so I've removed the v5 > v6 updater code, so if anyone is still running a very old version they will need to update to the previous version first if they want to preserve their data. (At this point I'd assume 99% have already upgraded so I doubt it's an issue.)

    I've also made it so Skynet populates the shared whitelist immediately with domains rather than wait for it to be refreshed, as suggested by @DonnyJohnny

    Skynet will also now show users the command equivalent of any action performed in the menu. I feel this is a good learning tool for users who want to get more familiar with the command line rather than a menu.
     
    8thphloor, adie, nodnarb91 and 8 others like this.
  21. skeal

    skeal Very Senior Member

    Joined:
    Apr 30, 2016
    Messages:
    1,462
    I have a quick question. Every night when Skynet runs banmalware it runs fine, but following the updated log entry is another entry always allowing 2 IPs. The logs look like this any day I look.
    Code:
    Jul  9 02:25:26 Skynet: [Complete] 111300 IPs / 1713 Ranges Banned. -2017 New IPs / -10 New Ranges Banned. 2654 Inbound / 0 Outbound Connections Blocked! [banmalware] [26s]
    Jul  9 03:00:05 Skynet: [Complete] 111298 IPs / 1713 Ranges Banned. -2 New IPs / 0 New Ranges Banned. 2780 Inbound / 0 Outbound Connections Blocked! [save] [5s]
    
    This happens every night. What is going on here? Is it normal?
     
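Added example (not part of the thread or of Skynet's own code): a small Python parser for the `[Complete]` summary lines quoted in the last post, which checks whether each line's "New IPs / New Ranges" figures equal the change in totals since the previous summary line and reports which action produced the change. The sample log is the two lines from the post; the function names, and the reading of the "New" counters as a difference from the previous run, are assumptions the code tests rather than documented Skynet behaviour.

```python
import re

# Constructed sample: the two syslog lines quoted in the post above.
SAMPLE_LOG = """\
Jul  9 02:25:26 Skynet: [Complete] 111300 IPs / 1713 Ranges Banned. -2017 New IPs / -10 New Ranges Banned. 2654 Inbound / 0 Outbound Connections Blocked! [banmalware] [26s]
Jul  9 03:00:05 Skynet: [Complete] 111298 IPs / 1713 Ranges Banned. -2 New IPs / 0 New Ranges Banned. 2780 Inbound / 0 Outbound Connections Blocked! [save] [5s]
"""

# Layout of a summary line, taken from the lines shown in the thread.
SUMMARY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+Skynet: \[Complete\] "
    r"(?P<ips>\d+) IPs / (?P<ranges>\d+) Ranges Banned\. "
    r"(?P<new_ips>-?\d+) New IPs / (?P<new_ranges>-?\d+) New Ranges Banned\. "
    r"(?P<inbound>\d+) Inbound / (?P<outbound>\d+) Outbound Connections Blocked! "
    r"\[(?P<action>\w+)\] \[(?P<secs>\d+)s\]\s*$"
)
NUMERIC = ("ips", "ranges", "new_ips", "new_ranges", "inbound", "outbound", "secs")


def parse_summaries(text):
    """Return one dict per Skynet '[Complete]' summary line, in log order."""
    runs = []
    for line in text.splitlines():
        m = SUMMARY.match(line.strip())
        if not m:
            continue  # not a Skynet summary line
        run = m.groupdict()
        for key in NUMERIC:
            run[key] = int(run[key])
        runs.append(run)
    return runs


def reconcile(runs):
    """Compare each run's reported 'New' counters with the change in totals."""
    report = []
    for prev, cur in zip(runs, runs[1:]):
        d_ips = cur["ips"] - prev["ips"]
        d_ranges = cur["ranges"] - prev["ranges"]
        report.append({
            "ts": cur["ts"], "action": cur["action"],
            "ip_delta": d_ips, "range_delta": d_ranges,
            "blocked_since_prev": cur["inbound"] - prev["inbound"],
            "matches_reported": (d_ips, d_ranges) == (cur["new_ips"], cur["new_ranges"]),
        })
    return report
```

Run over a longer syslog extract, any entry with `matches_reported` set to False marks a point where the totals changed between two summary lines without being accounted for by the later one.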