Skynet Skynet - Router Firewall & Security Enhancements

[Laserpaddy]

hehehe seems to work then

Skynet: [Complete] 161774 IPs / 2120 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 163 Inbound / 74 Outbound Connections Blocked! [2s]
admin@RT-AC5300-7380:/tmp/home/root#

mines fine as well
Oct 10 06:52:17 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate )
Oct 10 06:52:30 Skynet: [INFO] Lock File Detected (start banmalware autoupdate) (pid=4943) - Exiting
Oct 10 06:53:04 Skynet: [Complete] 164942 IPs / 7677 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [47s]
Oct 10 06:57:23 Skynet: [INFO] Skynet Up To Date - v5.2.4
Oct 10 13:00:08 Skynet: [Complete] 164942 IPs / 7677 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 7 Outbound Connections Blocked! [8s]

have to reinstall to enable debugging- I fat fingered the install darnit....thank you for this

 

[Laserpaddy]

wow
Oct 10 06:52:17 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate )
Oct 10 06:52:30 Skynet: [INFO] Lock File Detected (start banmalware autoupdate) (pid=4943) - Exiting
Oct 10 06:53:04 Skynet: [Complete] 164942 IPs / 7677 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [47s]
Oct 10 06:57:23 Skynet: [INFO] Skynet Up To Date - v5.2.4
Oct 10 13:00:08 Skynet: [Complete] 164942 IPs / 7677 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 7 Outbound Connections Blocked! [8s]
Oct 10 07:20:17 Skynet: [Complete] 164839 IPs / 7665 Ranges Banned. -103 New IPs / -12 New Ranges Banned. 0 Inbound / 154 Outbound Connections Blocked! [77s]

 

[Raphie]

Indeed wow, the crap it finds and blocks, amazing!
Adamm where can i find txt log files to see what has been blocked?

 

[Adamm]

Indeed wow, the crap it finds and blocks, amazing!
Adamm where can i find txt log files to see what has been blocked?

The raw data is copied into skynet.txt

But Skynet phrases this information in a much less overwhelming way using the stat commands you can find detailed in the first post.

 

[Laserpaddy]

I can install the ab program on the same usb ?

 

[Raphie]

ThnX Adamm, speedguide.net and otx.alienvault.com seem to be the biggest offenders, over tons of different IP's
Any idea what is causing this? do I have any apps in the household triggering these "services" ?

 

[thelonelycoder]

I can install the ab program on the same usb ?

Of course, they work well with each other.

 

[Laserpaddy]

ThnX Adamm, speedguide.net and otx.alienvault.com seem to be the biggest offenders, over tons of different IP's
Any idea what is causing this? do I have any apps in the household triggering these "services" ?

I have the exact same thing

 

[Adamm]

ThnX Adamm, speedguide.net and otx.alienvault.com seem to be the biggest offenders, over tons of different IP's
Any idea what is causing this? do I have any apps in the household triggering these "services" ?

I have the exact same thing

These are actually just generated URLs to a lookup service for the actual offending IP's. The IP/port at the end are the real offenders.

 

[Builder71]

Hello!

I have a question:

I created a Skynet partition on my USB stick(i've three partition: Ab-Solution, Entware and Skynet). I'll install the firewall in Skynet.

When Skynet is active, can I disable the default firewall? (to make you understand better, I found this image on the internet)

Thanks so much!

Do you have this script running on a RT-N66U?
To my understanding this will not work because of old Ipset version. (v4)

 

[iManuB]

Do you have this script running on a RT-N66U?
To my understanding this will not work because of old Ipset version. (v4)

No, I took the picture over the internet.
I've only RT-AC3200

 

[Jan Adelsson]

I have PIA (Private Internet Access) VPN and Skynet does not play well with it. Even if i unban the IPs as it is suggested in post no:2, my connection gets disconnected all the time.
So i had no other way but to uninstall Skynet.
Is there a way to go around this?

 

[Butterfly Bones]

I have a VPN running 24/7 and have no serious issues using Skynet.

One time I did have to whitelist a VPN server after a timeout changed me to a new one, but that is the only one I have found. That server was configured wrong when I contacted my VPN provider and they made a change. That IP showed me in Russia using the Geolocation Detection shown in ipleak.net.

I'm in central California and use their servers in LA about 200 miles away, yet my geolocation currently shows me in Washington state, which is fine with me! Google shows me that as well using Google local news.

 

[Adamm]

I have PIA (Private Internet Access) VPN and Skynet does not play well with it. Even if i unban the IPs as it is suggested in post no:2, my connection gets disconnected all the time.
So i had no other way but to uninstall Skynet.
Is there a way to go around this?

I did my best to support VPNs thanks to Astril giving me a developer account. Every time Skynet is started or the firewall_restart event is called the VPN whitelist is refreshed.

If there's another user-script I can hook into whenever the VPN IP changes I'll definitely go that route. But I'm not sure such a thing exists. A temporary solution would be to disable autobanning. I will look into this further over the coming days and see if theres anything else I can do.

If they provide all their VPN ranges you could whitelist them manually.

 

[john9527]

If there's another user-script I can hook into whenever the VPN IP changes I'll definitely go that route.

It's passed as an environment variable to the vpn route-up script. Because it's a shell environment it's not saved, but we could probably write it to a file or nvram if the user is using policy routing.

 

[Adamm]

It's passed as an environment variable to the vpn route-up script. Because it's a shell environment it's not saved, but we could probably write it to a file or nvram if the user is using policy routing.

I see some documentation on "openvpn-event"

Called whenever an OpenVPN server gets started/stopped, or an OpenVPN client connects to a remote server. Uses the same syntax/parameters as the "up" and "down" scripts in OpenVPN.

Could that possibly cover it too?

 

[john9527]

Could that possibly cover it too?

Yes and no......openvpn-event is called for EVERY transition/event of both the client and server. Part of what I had put together in user scripts was a framework that determined why it was called and by who....for example vpnclient1-route-up. You could use openvpn-event if you did the same thing (and didn't break the previously mentioned framework )

The other alternative would be saving it in vpnrouting.sh (part of the firmware) that you could then query.

 

[Adamm]

Yes and no......openvpn-event is called for EVERY transition/event of both the client and server. Part of what I had put together in user scripts was a framework that determined why it was called and by who....for example vpnclient1-route-up. You could use openvpn-event if you did the same thing (and didn't break the previously mentioned framework )

The other alternative would be saving it in vpnrouting.sh (part of the firmware) that you could then query.

Okay thanks for the heads up, haven't gone too in-depth with the whole VPN side of things so will make that my mission for the next few days and put something together.

@Jan Adelsson I'll put together a basic update shortly that should alleviate some of your issues (along with a command to forcefully update the VPN white-list). So keep an eye out

 

[Jan Adelsson]

@Jan Adelsson I'll put together a basic update shortly that should alleviate some of your issues (along with a command to forcefully update the VPN white-list). So keep an eye out

Thanks man. Cant wait for it.

 

[Adamm]

Thanks man. Cant wait for it.

Give the latest version a crack, let me know if it makes any difference. You will need to re-run the installer to get the implemented changes. Will continue working on a better solution this week.