
Skynet - Router Firewall & Security Enhancements


The message was only added in a recent update. Skynet will still work with a CG-NAT setup; you will just see fewer hits due to there being a layer of filtering before your router receives a connection.




What is the output of;

Code:
sh /jffs/scripts/firewall debug info



These are directly related to your country block list. As the domain name suggests, that domain resolves to a pool of NTP servers hosted worldwide. That's why I personally don't use the country blocking feature, too many services are globalized now.
I removed the country based block list after it broke too many things by uninstalling the Skynet script and reinstalling it. I domain whitelisted the NTP server for AU because I live in Australia; I'll check again tomorrow to see if it's working, which it should.
 
I removed the country based block list after it broke too many things by uninstalling the Skynet script and reinstalling it,

As per the readme;

Code:
( sh /jffs/scripts/firewall unban country ) This Unbans Entries Added By The "Ban Country" Feature
 
As per the readme;

Code:
( sh /jffs/scripts/firewall unban country ) This Unbans Entries Added By The "Ban Country" Feature
So uninstalling the script and reinstalling the script won't remove the country ban?
I uninstalled the Skynet script in its menu and reinstalled it again with amtm.
I'll run the command just to be safe in that case, thanks for the reminder.

Update: I ran the unban command for AU so should be all good now, thank you.
 
So uninstalling the script and reinstalling the script won't remove the country ban?

It will, but I was just pointing out a much easier, non-destructive method.
 
You've (incorrectly) edited the default log level settings on the WebUI.

Go WebUI > System Log Tab

Default message log level = notice
Log only messages more urgent than = debug
Thanks Adamm. I use amtm to enter Skynet. The only change I made was entering countries to ban.
How can I start the WebUI?

ONEPLUS 5T with Tapatalk
 
Thanks Adamm. I use amtm to enter Skynet. The only change I made was entering countries to ban.
How can I start the WebUI?

ONEPLUS 5T with Tapatalk

I am referring to the router's default WebUI, where you update the firmware etc.
 
I removed the country based block list after it broke too many things by uninstalling the Skynet script and reinstalling it. I domain whitelisted the NTP server for AU because I live in Australia; I'll check again tomorrow to see if it's working, which it should.
Here is an example I have of rogue ntp servers. I only have three Kasa smart lights that I control manually via phone app. No other IoT devices. They usually call an ntp server a few times a day with no issue. Here is a bad one. This shows as an Outbound block when I run Skynet stats. First Outbound block in two weeks.
Code:
176.10.99.206     firehol_level3.netset*      pool.ntp.org
https://otx.alienvault.com/indicator/ip/176.10.99.206
 
I just have a question: is there any way of disabling IP on your router for a user?

Can you rephrase your question? Can't seem to understand it as above? :)

Maybe better to state what the expected behavior is instead?
 
Tell him not to connect to your network. :)

Seriously though, anything within a network (good or bad) affects all the other clients and network equipment where possible.

It makes no sense to have your network secure and then allow someone to possibly infect it. ;)
 
Thanks Adamm. I use amtm to enter Skynet. The only change I made was entering countries to ban.
How can I start the WebUI?

ONEPLUS 5T with Tapatalk

I am referring to the router's default WebUI, where you update the firmware etc.

I made this mistake in the beginning. For future reference, these are the settings Adamm is referring to.

login to WebUI
System Log / General Log
[Screenshot: Annotation-2020-04-09-085838.jpg]
 
Skynet started Outbound Blocks from my AC86U WAN IP to my VPN IP
Code:
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=105 TOS=0x00 PREC=0x00 TTL=64 ID=34825 DF PROTO=UDP SPT=49119 DPT=1194 LEN=85
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=145 TOS=0x00 PREC=0x00 TTL=64 ID=34828 DF PROTO=UDP SPT=49119 DPT=1194 LEN=125
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=1431 TOS=0x00 PREC=0x00 TTL=64 ID=34829 DF PROTO=UDP SPT=49119 DPT=1194 LEN=1411
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=113 TOS=0x00 PREC=0x00 TTL=64 ID=34831 DF PROTO=UDP SPT=49119 DPT=1194 LEN=93
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=1431 TOS=0x00 PREC=0x00 TTL=64 ID=34836 DF PROTO=UDP SPT=49119 DPT=1194 LEN=1411
Apr  9 06:26:27 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=113 TOS=0x00 PREC=0x00 TTL=64 ID=34841 DF PROTO=UDP SPT=49119 DPT=1194 LEN=93
Apr  9 06:26:27 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=1431 TOS=0x00 PREC=0x00 TTL=64 ID=34858 DF PROTO=UDP SPT=49119 DPT=1194 LEN=1411
Apr  9 06:26:27 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=113 TOS=0x00 PREC=0x00 TTL=64 ID=34903 DF PROTO=UDP SPT=49119 DPT=1194 LEN=93
Apr  9 06:26:27 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=1431 TOS=0x00 PREC=0x00 TTL=64 ID=34906 DF PROTO=UDP SPT=49119 DPT=1194 LEN=1411

Code:
sh /jffs/scripts/firewall stats search malware 209.58.135.72

[i] Logging Data Detected in /tmp/mnt/SNB/skynet/skynet.log - 1.1M
[i] Monitoring From Apr 8 14:00:27 To Apr 9 07:08:43
[i] 3925 Block Events Detected
[i] 1178 Unique IPs
[i] 5 Manual Bans Issued
  
=============================================================================================================
Exact Matches;
--------------       | ---------                              
| IP Address |       | | List |                              
--------------       | ---------                              
209.58.135.72        | https://iplists.firehol.org/files/blocklist_net_ua.ipset
  
Possible CIDR Matches;
--------------       | ---------                              
| IP Address |       | | List |                              
--------------       | ---------                              
  
=============================================================================================================
[#] 192176 IPs (+0) -- 1663 Ranges Banned (+0) || 143 Inbound -- 0 Outbound Connections Blocked! [stats] [4s]

The VPN IP has no issues on Alienvault OTX.
https://otx.alienvault.com/indicator/ip/209.58.135.72
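
To see at a glance which destination a burst of outbound blocks like the one in the post above is hitting, the log lines can be grouped by protocol, destination IP and destination port. This is an added example, not part of the original posts or of Skynet itself; the function names `summarise_outbound_blocks` and `sample_log` are made up for illustration, and the last two sample lines are constructed.

```sh
#!/bin/sh
# Added example: group Skynet "[BLOCKED - OUTBOUND]" kernel log lines by
# protocol, destination IP and destination port, most frequent first.

summarise_outbound_blocks() {
    awk '
    /\[BLOCKED - OUTBOUND\]/ {
        dst = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dst == "") next        # malformed line: no destination field
        if (dpt == "") dpt = "-"   # e.g. ICMP, which has no port
        hits[proto " " dst " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Sample input. Lines 1-3 are copied from the post above; lines 4-5 are
# constructed (203.0.113.10 and 198.51.100.7 are documentation addresses).
sample_log() {
    cat <<'EOF'
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=105 TOS=0x00 PREC=0x00 TTL=64 ID=34825 DF PROTO=UDP SPT=49119 DPT=1194 LEN=85
Apr  9 06:26:26 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=145 TOS=0x00 PREC=0x00 TTL=64 ID=34828 DF PROTO=UDP SPT=49119 DPT=1194 LEN=125
Apr  9 06:26:27 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=209.58.135.72 LEN=113 TOS=0x00 PREC=0x00 TTL=64 ID=34841 DF PROTO=UDP SPT=49119 DPT=1194 LEN=93
Apr  9 06:30:00 RT-AC86U-4608 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=AA.BB.CC.DD DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=2 SEQ=1
Apr  9 06:31:00 RT-AC86U-4608 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=AA.BB.CC.DD LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Output columns: hits, protocol, destination IP, destination port
sample_log | summarise_outbound_blocks
```

On a router, pipe the Skynet log (the stats output above shows its path) into `summarise_outbound_blocks` instead of the sample; a single destination on one port dominating the list, as with UDP 1194 here, points at one service rather than scattered traffic.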
 
Alienvault is just a potential source of extra data, it isn't always guaranteed.
@Adamm I appreciate all the hard work you do to maintain Skynet. Every time there is a minor update, I proceed forward knowing and comforted by the thought that you have every Asuswrt-merlin user's best interest and security in mind. Thank you for all your hard work.
 
Is it OK to enable 'Enable HDD Hibernation' for the USB drive? I've switched to USB 3.0 again and am just wondering.

EDIT: One thing I'm noticing with 384.16 and the latest 7.1.5 on my 86U is the Outbound total (up top) doesn't reflect the numbers that are indicated in the outbound block totals. Up top it says '0' and I have maybe 400 outbound blocks via local IP address.

Thanks
 