Skynet Skynet - Router Firewall & Security Enhancements

[Guido Medina]

You are missing the joint database/blocking provided to skynet from AiProtection and vise versa, other than that i would say no.

Another question, maybe the answer is obvious: If I have AiProtection disabled and Skynet "Ban AIProtect" enabled, would there be any cron job that would fetch such database or is it an AiProtection job to do this?

In other words, can Skynet still use the AiProtection database without AiProtection being on? would there be any point in having "Ban AIProtect" option enabled with AiProtection disabled?

 

[martinr]

Deriving few questions from your answer:

• how important it is to have AiProtection enabled if you are using Skynet?
• how much weight has AiProtection on Skynet?
• if I have disabled completely AiProtection is there any point on enabling "Ban AIProtect" option on Skynet?
• and finally how sufficient Skynet is without AiProtection and Diversion hosts plus, also add the fact that I'm using DNS over TLS with security and optionally adult filters.

My intention is to completely replace AiProtection with Skynet and Diversion hosts plus and DNS over TLS security filter, and I missing much by doing this?

I run Skynet and Diversion and the full suite of AIProtection modules. Before installing Diversion and Skynet I used to get regular emails from AIProtection, maybe a couple a day. But now, months can go by without my getting an email. And just when I think maybe the AIProtection emails are not working, i get one. Coincidentally, I got a couple yesterday. I don’t have any problems with my router (RT-AC68U) and I have no intentions of turning off AIProtection, despite not having much work to do now.. But there are plenty of forum members who don’t run AIProtection for various reasons including the Trend Micro privacy agreement.

 

[SomeWhereOverTheRainBow]

Another question, maybe the answer is obvious: If I have AiProtection disabled and Skynet "Ban AIProtect" enabled, would there be any cron job that would fetch such database or is it an AiProtection job to do this?

well I imagine such a database would not exist as AiProtect is turned off.

 

[Guido Medina]

well I imagine such a database would not exist as AiProtect is turned off.

Yeah, stupid question from my side, as a software developer I should had look into the source code https://github.com/Adamm00/IPSet_ASUS/blob/master/firewall.sh#L787-L803

 

[Ola Malmstrom]

I need to remove skynet. I can't open skynet through amtm. How can I do it outside of amtm? Will formating the jffs partition be enough or is there anything else that needs to be done?

 

[Adamm]

I need to remove skynet. I can't open skynet through amtm. How can I do it outside of amtm? Will formating the jffs partition be enough or is there anything else that needs to be done?

sh /jffs/scripts/firewall uninstall

 

[cmkelley]

/tmp/home/root# free
             total       used       free     shared    buffers     cached
Mem:        515184     459536      55648          0       1820      20608
-/+ buffers/cache:     437108      78076
Swap:      2097148      35832    2061316

this is what i see....

Yeah, that's about what I have, except I only have 512 meg of swap. Perfectly normal, no cause for alarm. See the many threads here about "used" and "free" memory if you're concerned.

 

[Makaveli]

Yeah, that's about what I have, except I only have 512 meg of swap. Perfectly normal, no cause for alarm. See the many threads here about "used" and "free" memory if you're concerned.

That 512mb of ram seems to be why the AC86U's are hitting swap. They tend to run at 80-90% ram used from most of the post I've seen, having AI protection off does free up abit of memory.

 

[Ola Malmstrom]

sh /jffs/scripts/firewall uninstall

Thanks for a quick answer!!!

 

[Kingp1n]

That 512mb of ram seems to be why the AC86U's are hitting swap. They tend to run at 80-90% ram used from most of the post I've seen, having AI protection off does free up abit of memory.

I disabled AI protect months ago due to this...with Diversion/skynet and the other scripts installed my ram is consistently running at 94%.

 

[Chris_J]

I disabled AI protect months ago due to this...with Diversion/skynet and the other scripts installed my ram is consistently running at 94%.

Is that taking into account cached memory? I thought that the general consensus was that the 'used' ram doesn't necessarily mean it is being used, but more so reserved.

I did however see quite a reduction by switching from Diversion to Unbound Ad Block

 

[Ola Malmstrom]

Hmmm removed skynet and the USB drive. I now get a lot of messages such as this one (about one every 5 seconds) in the syslog. It continues the same way after a complete power-off.

Feb 13 15:53:56 kernel: DROP IN=eth0 OUT= MAC=64:20:9f:09:42:5d:20:3d:b2:23:c6:54:08:00 SRC=185.176.27.90 DST=158.174.130.234 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23888 PROTO=TCP SPT=40606 DPT=38288 SEQ=3443739178 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

Do I need to format the jffs partition as well? Or possibly do a complete reset?

Note: 158.174.130.234 is my external IP address and eth0 should be my WAN connection

Note 2: 64:20:9f:09:42:5d is the spoofed MAC address of my old, now unused, router
20:3d:b2 seems to be related to Huawei
185.176.27.90 belongs to an ISP in Bulgaria

Is this something that remains in the ASUS firewall after I removed skynet?

 

[dave14305]

Hmmm removed skynet and the USB drive. I now get a lot of messages such as this one (about one every 5 seconds) in the syslog. It continues the same way after a complete power-off.

Feb 13 15:53:56 kernel: DROP IN=eth0 OUT= MAC=64:20:9f:09:42:5d:20:3d:b2:23:c6:54:08:00 SRC=185.176.27.90 DST=158.174.130.234 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23888 PROTO=TCP SPT=40606 DPT=38288 SEQ=3443739178 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

Do I need to format the jffs partition as well? Or possibly do a complete reset?

Note: 158.174.130.234 is my external IP address

Go into the GUI Firewall tab and set Logged packets type = None.

 

[Martineau]

I did however see quite a reduction by switching from Diversion to Unbound Ad Block

unbound Ad Block appears to have around 50K entries.

Do you recall your diversion list size?, ...mine was about 100K, (@Treadler over 1million?) so I would expect a reduction (at the expense of less blocking perhaps)

 

[Chris_J]

I don't recall the exact number, but I'm sure that it was over 1 million.

So far, for my everyday use, I haven't seen a single ad yet. As they say: good enough, is good enough.

I still think Diversion is excellent, but the idea of ad blocking being part of Unbound was appealing.

 

[Ola Malmstrom]

Go into the GUI Firewall tab and set Logged packets type = None.

Thanks again!! OK, so the skynet installation changed this setting to "Dropped" and also the "Enable web access from WAN to "No". Does it change any other settings?

 

[cmkelley]

Thanks again!! OK, so the skynet installation changed this setting to "Dropped" and also the "Enable web access from WAN to "No". Does it change any other settings?

IIRC it also disables WAN ssh access. You should not re-enable either web or ssh access from the WAN. Particularly with web access, you will be hacked very quickly.

 

[Ola Malmstrom]

Ok so I learnt a few things here .

The reason I removed skynet is that I got problems with the USB (formatted with FAT and NTSF).

During installation the USB (with FAT) was formatted and I assumed everything was OK.

However when trying to start skynet there was a read error on line 1 in the config file. CPU usage grew to almost 100% on both CPU's (on a AC3200). As far as I could understand, there was something fishy with the USB drive. I re-started (power-off - power-on) the router - same result. I couldn't start skynet and had to remove it manually. I also removed the USB drive.

Restarted the router once more and installed another USB drive (formatted with NTFS). Tried to use the amtm disk utility to check it. The result was that the router died and re-booted.

So I re-started it once more after having removed the 2nd USB drive. Also secured that the router behaved as expected. Learnt a few settings that are changed during the installation and set Logged packets type back to "None". It now runs as before.

I would really like to run skynet.... but have 3 questions:

1. Where should the USB drive be formatted? On a PC or in the router?
2. If on PC: How? FAT, NTSF or eFAT? (since this will not affect the router)
3. Recommended size? 500 MB, 1 GB, 2 GB or 4 GB?

 

[TheLyppardMan]

Can anyone tell me how long it should take for the for Skynet statistics to appear in the GUI? I installed Skynet earlier this evening, but the graph areas are just blank and if I click on Update Stats, nothing happens except that I can no longer scroll down the page or leave it other than by using the browser back button. The same thing happens whether I use Firefox or Microsoft Edge.

 

[Mutzli]

1. Use amtm to format the USB drive (in amtm run fd)
2. Choose ext2 or ext4
3. 2GB or 4GB should be fine
4. make sure you also save some space for a swap file of 500MB or 1GB (in amtm choose sw to create)