Skynet Skynet - Router Firewall & Security Enhancements

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

QuikSilver

Very Senior Member
I've pushed v7.1.9

Code:
Detect malware IOC that prevents AiProtect from updating by setting apps_wget_timeout=3O
That was fast! :eek:Just read @RMerlin 's comment and saw a skynet upgrade to detect it. :cool:
 

Wayne Hutchinson

Occasional Visitor
OK, I am re-posting to this thread:
Hi Adamm,
I am interested in installing Skynet but am a novice with unix usage can you please put together a install and usage post?
I have looked at your thread but want to make sure I get it right.

Thanks
 

L&LD

Part of the Furniture

Wayne Hutchinson

Occasional Visitor
Thanks, I did not see that it would install from the web.

I am now seeing the following error when I try to use ssh;
This is the first time using ssh since rebuilding the Asus.
What is causing this

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:4Hm/VB7J5stqkYZge8eJt26iRgHHOiuWZay2wkDkNQc.
Please contact your system administrator.
Add correct host key in C:\\Users\\hutch/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\hutch/.ssh/known_hosts:1
ECDSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
 

dave14305

Part of the Furniture
Thanks, I did not see that it would install from the web.

I am now seeing the following error when I try to use ssh;
This is the first time using ssh since rebuilding the Asus.
What is causing this

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:4Hm/VB7J5stqkYZge8eJt26iRgHHOiuWZay2wkDkNQc.
Please contact your system administrator.
Add correct host key in C:\\Users\\hutch/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\hutch/.ssh/known_hosts:1
ECDSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
It's due to the factory reset. Delete and try again.
Code:
del C:\Users\hutch\.ssh\known_hosts
 

tomsk

Very Senior Member
Thanks, I did not see that it would install from the web.

I am now seeing the following error when I try to use ssh;
This is the first time using ssh since rebuilding the Asus.
What is causing this

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:4Hm/VB7J5stqkYZge8eJt26iRgHHOiuWZay2wkDkNQc.
Please contact your system administrator.
Add correct host key in C:\\Users\\hutch/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\hutch/.ssh/known_hosts:1
ECDSA host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
You can just remove the old key
 

L&LD

Part of the Furniture
@thecheapseats, the update to the update was even faster (depending on when you did the update on your router, check again for another 'no version change' update for a possible newer script. :)
 

Wayne Hutchinson

Occasional Visitor
Thanks dave14305 got ssh to work again.
Now to the next part, the usb flash drive, All I have available is a ADATA 16gb,
I plunged it but it ask's - Please enter partition number 0-1? when I run the install
It's the only drive connected is there a preference?
 

L&LD

Part of the Furniture
@Wayne Hutchinson, before inserting (or plunging) the USB drive you want amtm to use, I suggest formatting it in a PC with NTFS format to fully erase it.

Afterward, you may want to follow the amtm Step-by-Step guide (please see the link in my signature below) to properly format the USB drive using amtm. Just remember to ignore the 'install amtm' part. amtm has been included in RMerlin firmware since 384.15_0 release final. :)
 

Wallace_n_Gromit

Senior Member
That was fast! :eek:Just read @RMerlin 's comment and saw a skynet upgrade to detect it. :cool:

That's why I love this place! Jaw-dropping [fast] updates, immediate support. Something new to learn everyday. Helpful community. Great and knowledgeable networking/coders. Don't have to wait for the 2nd Tuesday of every month for buggy security updates [read Windows 10]. o_O
 

Joe Doe

Occasional Visitor
What is the output of;

Code:
sh /jffs/scripts/firewall debug info

And the exact output when you get the error.

>> /jffs/scripts/firewall: line 5668: arithmetic syntax error

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]
 

Adamm

Part of the Furniture
>> /jffs/scripts/firewall: line 5668: arithmetic syntax error

-------------------- | ----------
| Test Description | | | Result |
-------------------- | ----------

Internet-Connectivity | [Passed]
Write Permission | [Passed]
Firewall-Start Entry | [Passed]
Services-Stop Entry | [Passed]
Service-Event Entry | [Passed]
Profile.add Entry | [Passed]
SWAP File | [Passed]
Cron Jobs | [Passed]
NTP Sync | [Passed]
IPSet Comment Support | [Passed]
Log Level 5 Settings | [Passed]
Duplicate Rules In RAW | [Passed]
IPSets | [Passed]
IPTables Rules | [Passed]

Thats not the complete output
 

CriticJay

Senior Member
Hi @Adamm

Noticed something odd during a recent uninstall/reinstall and thought I would mention it in case it was an actual bug and not a one-off glitch.

I have a single list on my exclusions - the firehol level3. When I did a Skynet backup, skynet uninstall, skynet reinstall, skynet restore from backup; most of my configuration settings appeared to be back except for that list which I used to exclude.

Not a big deal to re-enter that exclusion but thought I would mention regardless
 
Last edited:

Joe Doe

Occasional Visitor

Attachments

  • sc_51.jpg
    sc_51.jpg
    54.1 KB · Views: 110

Mutzli

Very Senior Member
Hi @Adamm, would it be possible to have an option in Skynet to import banned IP addresses from Suricata's fast.log like the option you have for importing AiProtect data into Skynet? Right now I manually enter the IP addresses from the fast.log file into Skynet which isn't a huge deal yet, but could become cumbersome in the future if there are a lot of recorded IPs from Suricata.
 

Adamm

Part of the Furniture
Here's the entire output. It stops after the arithmetic error.

Why do you have almost every setting disabled including settings that aren't even relevant for your installation (i.e Custom syslog location), no wonder you are getting errors. I suggest uninstalling Skynet followed by a reinstall to correct these and only change settings if you are aware of what it actually does.
 

Adamm

Part of the Furniture
Hi @Adamm, would it be possible to have an option in Skynet to import banned IP addresses from Suricata's fast.log like the option you have for importing AiProtect data into Skynet? Right now I manually enter the IP addresses from the fast.log file into Skynet which isn't a huge deal yet, but could become cumbersome in the future if there are a lot of recorded IPs from Suricata.

I've yet to dabble with Suricata, but this does sound feasible, although I would need users to send me their full fast.log so I can phrase them.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top