Skynet Skynet noob question: Is this amount of inbound blocks normal?

[BreakingDad]

Can your wife or kids do this without your assistance? I have read about Quad9 blocked and if you use Quad9 DNS that means no Internet until you come back home. Very nice with all the work/learn from home thing. You already have few trusted malware/phishing protections. Another on top and community based becomes inconvenience for you only. You guys hurt yourselves with this script, turning Adamm's good intentions into router malware. When you block countries with Internet backbone servers you don't have full access to Internet anymore.

1) Can your wife or kids do this without your assistance? No they can't but they don't use quad 9, only I do. Even if it did happen during the day they would survive for 1 day, or I could have a look remotely.

2) You already have few trusted malware/phishing protections. If you mean Roblox, Battlenet and Quad 9 they are all safe anyway. If you mean others that people have set I have multiple layers of protection beyond skynet; AIProtection, ISP's safe DNS, Malwarebytes, Windows Firewall, Asus's Own firewall, Network Wide Adguard, and an educated family.

3) We do not require full access to internet with respect to Country Blocking, all the countries I have blocked are considered among the worst for malware / phishing and other bad practice. I think only once in 6 months I have required access to a Chinese site, and that was to get some information on a router. I disabled skynet for the 2 minutes I read something on it. The family have never reported they cannot access something they wish to. The country block would still allow access for gaming, voice coms etc which use out of country servers. For example someone in Romania would not be blocked chatting to me on discord.

4) I consider skynet just an extra layer of protection, for me it works, for others it may or may not. I enjoy watching all the blocks on the system log, I know I'm weird.

 

[Clark Griswald]

4) I consider skynet just an extra layer of protection, for me it works, for others it may or may not. I enjoy watching all the blocks on the system log, I know I'm weird.

That's a confirmation on the skynet works & watching all the blocks (gui)

 

[Tech9]

If you guys place your routers behind another firewall, the logging show stops. It was explained few times why. If Skynet makes you feel safer, it's OK.

 

[Clark Griswald]

@Tech9 Don't forget the graphs

This am I sent pics of AiP malicious site blocking and skynet blocked devices to show my Son how many times the router/scripts blocked his internet use (for the curious 6-blocks over 3-days "scam sites"). I understand that there are better alternatives to consumer gear, but I feel my current setup is a good compromise. I tried a Netgate device for a brief time, yet every time I had an issue with my internet, my isp would say I had unsupported equipment and refuse to assist. Now with my current setup, I am able to use my scripts to show my service quality and times, and the isp "specialist" isn't afraid of my puny asus consumer router.

 

[Tech9]

for the curious 6-blocks over 3-days "scam sites"

False alarm, most of the time. Like this one in 2 days, api.movcloud.net:

Someone reported it, TrendMicro included it. No scams found there. I mean, don't stress the kid for no reason.

I understand that there are better alternatives to consumer gear

My suggestion to place your router behind another firewall was for you to see what actually Skynet blocks and what the graphs really mean. This another firewall can be consumer router, with yours in double NAT. Skynet is coded in a way it shows you dropped connections even when the connections would have been dropped anyway without Skynet. With another firewall in-line Skynet graphs will have little to show. You guys perhaps suffer from what is called "novice obsession" - graphs, blocking, logging, data hoarding, too much hardware. That goes away over time. How serious the obsession is depends on how often you peek in your router's GUI. It's the same as social media obsession - let's login in and see, someone may have posted something.

 

[bluepoint]

False alarm, most of the time. Like this one in 2 days, api.movcloud.net:

View attachment 35350

Someone reported it, TrendMicro included it. No scams found there. I mean, don't stress the kid for no reason.



My suggestion to place your router behind another firewall was for you to see what actually Skynet blocks and what the graphs really mean. This another firewall can be consumer router, with yours in double NAT. Skynet is coded in a way it shows you dropped connections even when the connections would have been dropped anyway without Skynet. With another firewall in-line Skynet graphs will have little to show. You guys perhaps suffer from what is called "novice obsession" - graphs, blocking, logging, data hoarding, too much hardware. That goes away over time. How serious the obsession is depends on how often you peek in your router's GUI. It's the same as social media obsession - let's login in and see, someone may have posted something.

The real value of a skynet firewall is outbound blocking, it will alert you so you can check when there are outbound malware listed sites being blocked so you can investigate. There are few times it's false positive in a sense that it belongs to a net range that few are contaminated with malware. It's up to you to investigate , skynet gives you tools to do so then decide what to whitelist.

 

[Tech9]

The real value of a skynet firewall is outbound blocking

This is correct - limiting the user's access to potentially malicious IPs, if eventually missed by other active protections. Many people believe the more layers of protection the better. This is not always the case. More trusted sources filter real threats, less trusted ones add mostly false positives. Posts like this one are all over AddOns forum.

 

[bluepoint]

This is correct - limiting the user's access to potentially malicious IPs, if eventually missed by other active protections. Many people believe the more layers of protection the better. This is not always the case. More trusted sources filter real threats, less trusted ones add mostly false positives. Posts like this one are all over AddOns forum.

The whole time I've use skynet, I have not seen it block microsoft updates even MO updates. Most of my "possible" false positive were pool.ntp ip's which I ignore cause it's possible they are really tainted with malware, those that are poorly managed. It's one reason I don't use those servers.

 

[Clark Griswald]

+1 skynet in "vanilla" mode and never had MS Updates blocked.
I agree that a double-NAT scenario would be nice, except The Wife is concerned about the amount of "equipment" we currently use.
AiP and skynet both give information regarding the block, which is great. Perhaps it's The Griswald Luck, but I don't remember any false positives from either. Not so much "novice obsession", yet I checked the gui/logs when TM and script were first installed, but now I check every few days to verify nothing is amiss.
Edit: I did have an " *oob obsession", but that was at Christmas time a few years back.