What's new

Skynet Skynet is blocking github.com?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I reinstalled skynet a few days ago. Unfortunately nothing much has changed for me. Github is now accessible, that's true, but that's pretty much all - all other sites, put into whitelist are blacklisted - "forgotten" after a day or so. Restart of skynet puts them into whitelist again, but again only for a day or two.
It's not just github and nlb.si (as i wrote above as an example), i have quite some sites acting this way: like update pages for sony PS3 - by default PS3 won't update at all if skynet is running. Putting appropriate sites into whitelist - updates fine, but not after a few days. So, main problem is still there (forgetting whitelist). It's just that github was added as an exception in a new version...
So, unfortunately, it's out of my asus again. Sad, but it's just that it blocks too many good sites by default...
 
I reinstalled skynet a few days ago. Unfortunately nothing much has changed for me. Github is now accessible, that's true, but that's pretty much all - all other sites, put into whitelist are blacklisted - "forgotten" after a day or so. Restart of skynet puts them into whitelist again, but again only for a day or two.
It's not just github and nlb.si (as i wrote above as an example), i have quite some sites acting this way: like update pages for sony PS3 - by default PS3 won't update at all if skynet is running. Putting appropriate sites into whitelist - updates fine, but not after a few days. So, main problem is still there (forgetting whitelist). It's just that github was added as an exception in a new version...
So, unfortunately, it's out of my asus again. Sad, but it's just that it blocks too many good sites by default...

This is how it´s suppose to work, so nothing wrong with code, it´s how it always worked.

First of check what list is blocking the IP(list are some times not maintained, give false positives or might just be plain awful. might be time to remove it?).
Issue will always be in the block list cant be anywhere else with the way the Skynet rules are set up.
(And are you checking the right IP, some services connect to different sources)

For example why github was blocked.

Skynet uses firehol lvl3 list, which in turn is composed of alot of other lists.
In this case one of those list is an service to test virus/malware(vxvault) that is not activity maintained but just uses a fall of system.
So basically someone uploaded some malware from github to vxvault and was connected to the specific IP and "BAM" it was placed on the list and it seems to take a long long time for it to fall off since the service really isent used.(Huge amount of discord IPs from this list to)


When you "White list" a domain you are really white listing the IP that is looked up at the time not the "IP´s " used by an entire domain(Skynet restart and saves the new IP).

What ever time you have set your Skynet to update its list this will also happen, Skynets does a lookup for what domain is in the list and overwrites the IP that was in the list (Which is why it wont work the next day). or as you said it "forgotten" after a day or so.

And to make all this worse it all depends on your DNS server setup having a ton of DNS servers or a stubby config will defiantly make this happen every time, and you can have an locally cashed IP on your lets say Windows machine that doesn't get looked up for x amount of time.

So I guess you can see why whitelisting an IP based on domain is bad.

Skynet uses IP´s not domain names as its core.
This is an awful method of whitelisting for iptables(netfilter), sure works great fore something that is DNS based as Diversion which I presume most of you are using.
This method thou has also the potential to make your firewall a lot less secure, since you will white list the IP that your DNS hands you. (aka mitm attacks).

So you basically you don't want to use the option to whitelist a domain but whitelist the IP ranges used by the domain/specific company.(most have them listed in your case Sony definitely have them listed).
This will always be a hassle thou since most smaller company's will always be on a server farm like AWS, Azure etc.. and then we don't even have load balancers, proxies in the picture...

Though,
Skynet has an easy option to do this not foolproof but works alot of the time, when you open skynet in the "whitelist" options there is a option for adding "ASN".
Google for the ASN number in this case it seems like the PlayStation network uses "AS33353" and simply add it and it will add all the ranges that is assigned for their BGP routing.(skynet does an lookup to check https://bgpview.io/)
(Tough some time it will not cover everything so safer option is to find an actual list by the company).

To remember things like this will always be maintenance not a set and forget thing.
 
Well, said with one phrase: it's too complicated for me...
If whitelist function is there, then i guess it's there for the reason that i can enter an IP/domain.... and it's permanently whitelisted, right ? Or am i mistaken? Otherwise it wouldn't be there...

Interesting thing is when i insert domain into whitelist it's not domain which is entered, but rather IP. I can't find where i could enter domain only, always only IP is the one it's entered, so if that IP changes we have a problem, sure. Although I’m pretty sure that my national bank and Sony's update pages use static IP's. And i'm pretty sure that these pages don't contain any viruses or malware.

So, yes, i do expect that if i enter an IP into whitelist that it is “set and forget” thing.
I’m not a programmer. As a consequence, from all you wrote and from all i understood above explanation i think that skynet is written more or less only for those who are prepared to “maintain” it on daily basis to keep it working. Maybe it's safer this way... but, sadly, not for me. I just don't have time for daily maintaining.

And, by all means, i don‘t mean anything bad!! I know that author does this in his spare time and free of charge and i respect it!
 
Well, said with one phrase: it's too complicated for me...
If whitelist function is there, then i guess it's there for the reason that i can enter an IP/domain.... and it's permanently whitelisted, right ? Or am i mistaken? Otherwise it wouldn't be there...

Interesting thing is when i insert domain into whitelist it's not domain which is entered, but rather IP. I can't find where i could enter domain only, always only IP is the one it's entered, so if that IP changes we have a problem, sure. Although I’m pretty sure that my national bank and Sony's update pages use static IP's. And i'm pretty sure that these pages don't contain any viruses or malware.

So, yes, i do expect that if i enter an IP into whitelist that it is “set and forget” thing.
I’m not a programmer. As a consequence, from all you wrote and from all i understood above explanation i think that skynet is written more or less only for those who are prepared to “maintain” it on daily basis to keep it working. Maybe it's safer this way... but, sadly, not for me. I just don't have time for daily maintaining.

And, by all means, i don‘t mean anything bad!! I know that author does this in his spare time and free of charge and i respect it!
Hmm, will try to explain it though its far more advanced.

Yes if you insert a domain it will convert that to an IP so that Skynet knows what to do with it(the exact moment you enter it, and this will auto update to the IP that Skynets sees in the exact moment when in auto updates its lists and delete the old IP it had stored).
(thou caching IPs would kind of fix this).

This is because, Skynet or rather the tools it uses iptables(netfilter the linux firewall) works with IP addresses or mac-addresses on its fundamental level, and has no grasp of what an domain name even is.

So when you enter a domain,
Skynet will convert this to an IP(to make skynet understand) and for that it uses your routers DNS server to find that IP and then put it into its list block/white, however this IP could change.

And this is why DNS servers was invented so we dont have to keep track of every IP.

Which will answer your question. --- ("Although I’m pretty sure that my national bank and Sony's update pages use static IP's")

No, they absolutely dont, sure they have a range of IP addresses they use.

The reason(to make it simple),

Think of a supermarket, you wouldn't want everyone(100ppl) to stand in one line when you have 10 cash registers(10 IP´s)., so you spread them out.
This is why you will get different IP´s from time to time.

In the old days, we pretty much used static IP and the "supermarket" sorted its lines behind load balancers.
But nowadays we use CDN´s so all this/parts is covered by DNS servers,
So for an example you could get a faster download by connecting to a closer server, netflix, steam etc...
(Still ofc we have the load balancers).

So in your bank example,
Even if you are abroad you will most likely connect to a local server center to download all of the web content(different IP) to make it faster but one connection will go back "home" to their static(IP) Database so they can maintain full security.


Hope this kind of makes some sense?

So basically if something is blocked enter the IP, or the ASN from previous post or IP range in Skynet. (This will make it kind of set and forget).

And Skynet inset written for "advanced" IT its to make it simple.


It is really super simple at its core.

If you enable "Inbound" block everything from the list we downloaded to enter your network from the Internet.
If you enable "Outbound" block everything from "the same list" to reach the internet.

So "Inbound" we will simply still be able ta wave to the internet "here i am" but the internet cant "wave back" and ask how are you?
And "Outbound" wont let you wave to your friends on the Internet in the first place.




But as first of check the lists and you probably wont have these issue at all, you also have a custom list option in Skynet to add your own list(of lists) or simply remove one.
(Added my own collection myself since firehol project seems to be abandoned, used their source lists instead )

A simple trusted list will still make you alot more secure then lets say things like a dns blocker like diversion ever will (at least for Viruses/malware).
Today pretty much all malware has its own bundled dns server so things like diversion/pihole makes less sense for that purpose.

So I would re enable Skynet! and spend a tiny amount to maybe change some lists, then add an Ip range or two and then it would be abit of "set and forget".

For an example this is what I am running right now with Skynet,
https://raw.githubusercontent.com/macexx/blocklist/main/iplist.list (99% the same as Skynet but removed problematic firehol lvl3 and used its core lists but removed vxvault)
Worked out great

Simply -- option 3 -> option 2 -> paste list
 
Many thanks for this detailed explanation!
You convinced me - i'll try to play around some more. First of all i'll monitor IP's of a few sites to see if they really change..
I'll definitely try with your list first. But, first: what's a good idea to filter (a question, asked at install: inbound, outbound or All (which is recommended)? So far i always used "all" (and all recommended options).

EDIT: i get a whole of bunch of errors if i do as you say (option 3, 2, paste) - for most links there's an error "url.... isn't an option"....
 
Last edited:
Many thanks for this detailed explanation!
You convinced me - i'll try to play around some more. First of all i'll monitor IP's of a few sites to see if they really change..
I'll definitely try with your list first. But, first: what's a good idea to filter (a question, asked at install: inbound, outbound or All (which is recommended)? So far i always used "all" (and all recommended options).

EDIT: i get a whole of bunch of errors if i do as you say (option 3, 2, paste) - for most links there's an error "url.... isn't an option"....
I did the same thing. What you want to do instead is just use https://raw.githubusercontent.com/macexx/blocklist/main/iplist.list rather than the contents. Don't worry, you won't be tied forever to his github - Skynet only uses the contents. Also Skynet will handle the duplicate line and sort alphabetically. You should get the following results with a ls -1 of your Skynet lists directory (in my case /tmp/mnt/ent/skynet/lists).

alienvault_reputation.ipset
bds_atif.ipset
bi_any_2_30d.ipset
ciarmy.ipset
cybercrime.ipset
dshield.netset
dyndns_ponmocup.ipset
et_block.netset
et_compromised.ipset
firehol_level1.netset
firehol_level2.netset
normshield_high_attack.ipset
normshield_high_bruteforce.ipset
spamhaus_edrop.netset
urlvir.ipset
 
Aaaaaa.... ok, i understand my error...
Thanks for explanation!
Now i entered my allowed sites in whitelist with ASN numbers. I'll see what happens...
 
Last edited:
@EmeraldDeer : I have recently installed skynet using the default list, but excluding firehol level3, urlvir. I would prefer to use only the firehol level1 list. Would you know the syntax to use if i wanted to use the replace list option ? I tried using https://iplists.firehol.org/files/firehol_level1.netset .....but it errored out.
Thanks in advice as i cannot find this answer anywhere and seems adamm is on hiatus.
 
@EmeraldDeer : I have recently installed skynet using the default list, but excluding firehol level3, urlvir. I would prefer to use only the firehol level1 list. Would you know the syntax to use if i wanted to use the replace list option ? I tried using https://iplists.firehol.org/files/firehol_level1.netset .....but it errored out.
Thanks in advice as i cannot find this answer anywhere and seems adamm is on hiatus.
There is no such command
Code:
Example Banmalware Commands;
( firewall banmalware ) This Bans IPs From The Predefined Filter List
( firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL
( firewall banmalware reset ) This Will Reset Skynet Back To The Default Filter URL
( firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)
( firewall banmalware exclude reset ) This Will Reset The Exclusion List
 
There is no such command
Code:
Example Banmalware Commands;
( firewall banmalware ) This Bans IPs From The Predefined Filter List
( firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL
( firewall banmalware reset ) This Will Reset Skynet Back To The Default Filter URL
( firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)
( firewall banmalware exclude reset ) This Will Reset The Exclusion List
Thanks. I guess I was not clear, and apologise This is the command I was referring to:
firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL

Now understanding is that I can use this command to replace the default lists with a list of my choosing and Skynet would download this list and use it as the main blocking/malware list. In this case, I was thinking of : firehol_level1.netset

Now if this in NOT the case then issue as I'll stick with the defaults.

If it is, I tried the syntax as follows:

firewall banmalware https://iplists.firehol.org/files/firehol_level1.netset

But it failed.

so do I need to pass the value as : iplists.firehol.org/files/firehol_level1.netset ?
 
Thanks. I guess I was not clear, and apologise This is the command I was referring to:
firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL

Now understanding is that I can use this command to replace the default lists with a list of my choosing and Skynet would download this list and use it as the main blocking/malware list. In this case, I was thinking of : firehol_level1.netset

Now if this in NOT the case then issue as I'll stick with the defaults.

If it is, I tried the syntax as follows:

firewall banmalware https://iplists.firehol.org/files/firehol_level1.netset

But it failed.

so do I need to pass the value as : iplists.firehol.org/files/firehol_level1.netset ?
You need to provide it a web-hosted list of lists.
 
I see a minor update for skynet...anyone installed it yet?
 
I see a minor update for skynet...anyone installed it yet?
Yes I did a few hours ago and did not noticed any noticeable issues so far.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top