What's new

Skynet SkyNet Blocking Subnet

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can someone else take over?
Thanks.
Is there an alternative?
Does logging have to be on for Skynet to function properly?
Thanks
 
Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?
 
Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?

Yes stop looking at the logs if its freaking you out - life is too short for this to be causing you stress.
 
Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?
got any IoT devices on the network? you may want to look into enabling DNS filter on your router which can block/redirect these lookups to undesired DNS servers
 
Any thoughts?

Skynet by itself is not blocking anything. It's the blocklist used by Skynet. Blocklists are community supported and errors are common. You can customize blocklists in Skynet. I use pfBlocker-NG with firehol_level1 only in IP blocking. The more blocklists you add the more chances for false positives.
 
Just for reference if I did not mention it already, my Asus is connected inside of my ISP's router device. So I am essentially in a double-NAT situation. When I look at the skynet logs, I am surprised at how many blocks there are. I only have 1 port forwarded from my outside ISP device, which is for the Asus VPN port.
 
When I look at the skynet logs, I am surprised at how many blocks there are.

Without Skynet your firewall will drop 99.9% and your VPN server will reject the rest 0.01%. Skynet only freaks you out and you block more and more things hurting your own Internet connection. On-device VPN can fire through all your firewall enhancements and aiprotections and access easily whatever you have blocked there. This cat and mouse game may go forever and I see no point doing it on a home network used by people you know. What's the issue accessing websites in China or Russia? I'm a hardware guy and sources in China and Russia are great. Very often the only sources of useful information are located in China or Russia. Many scripts in AMTM require Entware. Guess who maintains Entware and where is he from.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top