What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

drwxrwxrwx 15 darkony root 1000 Jun 3 18:50 .
drwxr-xr-x 18 darkony root 337 May 31 21:49 ..
-rwxr--r-- 1 darkony root 0 Jun 3 04:14 .bwdpi.appdb.lck
-rwxr--r-- 1 darkony root 0 Jun 3 04:14 .bwdpi.rule.lck
-rwxr--r-- 1 darkony root 0 Jun 3 04:14 .qosd.conf.lock
drw-rw-rw- 2 darkony root 80 Jun 3 04:14 ERP
drwxrwxrwx 3 darkony root 80 Aug 1 2015 avahi
drw-rw-rw- 3 darkony root 360 Jun 3 04:15 bwdpi
-rw-rw-rw- 1 darkony root 24 Jun 3 04:14 ddns.cache
lrwxrwxrwx 1 darkony root 8 Aug 1 2015 dhcp6c -> /sbin/rc
drwxr-xr-x 5 darkony root 880 Jun 3 04:14 etc
-rw-rw-rw- 1 darkony root 828 Jun 3 18:30 filter.default
-rw-rw-rw- 1 darkony root 383 Jun 3 18:30 filter_ipv6.default
-rw-rw-rw- 1 darkony root 2031 Jun 3 18:30 filter_rules
drwxr-xr-x 3 darkony root 60 Jan 1 1970 home
drwxrwxrwx 5 darkony root 260 Jun 3 04:14 lighttpd
-rw-rw-rw- 1 darkony root 4278 Aug 1 2015 lighttpd.conf
-rw-rw-rw- 1 darkony root 64 Aug 1 2015 lld2d.conf
-rw-rw-rw- 1 darkony root 228 Aug 1 2015 miniupnpc.log
drwxrwxrwx 4 darkony root 80 Aug 1 2015 mnt
lrwxrwxrwx 1 darkony root 24 Jun 3 18:30 nat_rules -> /tmp/nat_rules_eth0_eth0
-rw-rw-rw- 1 darkony root 1322 Jun 3 18:30 nat_rules_eth0_eth0
drwxr-xr-x 3 darkony root 60 Jan 1 1970 notify
lrwxrwxrwx 1 darkony root 24 Jun 3 04:14 opt -> /tmp/mnt/ADBLOCK/entware
prw------- 1 nobody nobody 0 Jun 3 04:23 pixelcerts
drwxrwxrwx 3 darkony root 260 Aug 1 2015 ppp
drwxr--r-- 2 darkony root 140 Aug 1 2015 pptpd
-rwxr-xr-x 1 darkony root 617 May 31 21:49 qtn_dbg.sh
-rw-rw-rw- 1 darkony root 1492 Jun 3 18:30 redirect_rules
-rw-rw-rw- 1 darkony root 46 Aug 1 2015 resolv.conf
-rw-rw-rw- 1 darkony root 0 Aug 1 2015 resolv.dnsmasq
-rwxr-xr-x 1 darkony root 3440 May 31 21:49 router_command.sh
-rw-r--r-- 1 darkony root 0 Jan 1 1970 settings
drwxr-xr-x 2 darkony root 40 Jan 1 1970 share
-rwxr-xr-x 1 darkony root 5999 May 31 21:49 start-stateless-slave
-rw-rw-rw- 1 darkony root 410 Aug 1 2015 stateless_slave_config
-rw-rw-rw- 1 darkony root 345 Jun 3 18:50 syslog.log
-rwxr-xr-x 1 darkony root 5016152 May 31 21:49 topaz-linux.lzma.img
-rwxr-xr-x 1 darkony root 68 May 31 21:49 tweak_qcomm
-rwxr-xr-x 1 darkony root 68816 May 31 21:49 u-boot.bin
lrwxrwxrwx 1 darkony root 8 Aug 1 2015 udhcpc -> /sbin/rc
-rw-rw-rw- 1 darkony root 10 Jun 3 14:44 udhcpc0.expires
drwxrwxrwx 2 darkony root 40 Aug 1 2015 upnpicon
-rw-rw-rw- 1 darkony root 104 Jun 3 04:24 usb.log
-rw-rw-rw- 1 darkony root 64 Jun 3 04:14 usb_err
drwxr-xr-x 13 darkony root 320 Jun 3 04:14 var
-rw-rw-rw- 1 darkony root 0 Jun 3 04:14 vp_full.txt
lrwxrwxrwx 1 darkony root 8 Aug 1 2015 wpa_cli -> /sbin/rc
-rw-rw-rw- 1 darkony root 0 Jun 3 04:14 wrs_full.txt
lrwxrwxrwx 1 darkony root 8 Aug 1 2015 zcip -> /sbin/rc
 
Ok, so you actually have syslog.log as expected. Now try this tail -f /tmp/syslog.log
 
Code:
Jun  3 18:50:47 kernel: [BLOCKED - NEW BAN] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=183.108.56.143 DST=188.2.97.133 LEN=56 TOS=0x00 PREC=0x00 TTL=243 ID=42157 PROTO=ICMP TYPE=3 CODE=1 [SRC=188.2.97.133 DST=183.108.56.143 LEN=34304 TOS=0x00 PREC=0x00 TTL=103 ID=233 PROTO=UDP SPT=25871 DPT=14059 LEN=114 ] MARK=0x83840070
 
Ok, now do the following:

Code:
/jffs/scripts/firewall whitelist domain asuswebstorage.com

And then check if your web storage app connects.
 
I did that allready but no use same thing, like the app is using some other ip.Here screen
Code:
Skynet: [Adding asuswebstorage.com To Whitelist] ... ... ...
Whitelisting 98.158.146.6
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be deleted from the set: it's not added
Whitelisting 98.158.146.6
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be deleted from the set: it's not added
Saving Changes
Skynet: [Complete] 480 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 2599 IP / 0 Range Connections Blocked! [2s]
 
Ok, then run the tail command as above, and then try to connect the app. If destination is being blocked, you will see its IP in with "DST=" prefix. Then check to make sure it belongs to ASUS and whitelist it.
 
I get this IP 117.198.177.69, but I don't think it's asuswebstorage
Code:
darkony@RT-AC87U-E398:/tmp/home/root# tail -f /tmp/syslog.log
Jun  3 19:00:01 crond[496]: USER darkony pid 27031 cmd /jffs/scripts/firewall save
Jun  3 19:05:48 Skynet: [Adding asuswebstorage.com To Whitelist] ... ... ...
Jun  3 19:05:50 Skynet: [Complete] 480 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 2599 IP / 0 Range Connections Blocked! [2s]
Jun  3 19:06:24 kernel: [BLOCKED - NEW BAN] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=117.198.177.69 DST=188.2.97.133 LEN=162 TOS=0x00 PREC=0x00 TTL=54 ID=38227 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=117.198.177.69 LEN=134 TOS=0x00 PREC=0x00 TTL=107 ID=26418 PROTO=UDP SPT=25871 DPT=50321 LEN=114 ]
 
Is that the only IP that you see?
One of them is you (Serbia?) and the other one is pinging you from India... you should see some others as well.
 
Hi can you help me since I have a problem with aplication "asuswebstorage"not connecting since install this script, I tried to debug while opening and logging in but no ip is shown.Also I get this error when starting debug 1st time the 2nd time I start it it is running but no ip as I said up there.

That error indicates at the time you didn't have a syslog (not really sure in what situation that would happen as even during a fresh install there has to be logging?)

Once you do get the command working though as you said, try use the asuswebstorage feature (I'm not familiar with it but just toggle something or refresh it etc) and if this script is the thing blocking it, the IP should appear in the log usually multiple times in a row. Keep in mind the "debug watch" feature is real-time, so it will only show occurrences from that point forward.

You can also use the "sh /jffs/scripts/firewall stats" command to see which is your most blocked IP(s), this can be used for further investigation for potential false positives.
 
Thanks all for helping me but after command: sh /jffs/scripts/firewall debug watch here is the screen
upload_2017-6-3_19-32-29.png
 
Do you see anything in the 192.0.78.0/24 range being blocked?
 
Thanks all for helping me but after command: sh /jffs/scripts/firewall debug watch here is the screen

Please post the output of;

Code:
sh /jffs/scripts/firewall stats
 
Please post the output of;

Code:
sh /jffs/scripts/firewall stats
Code:
!!! Debug Mode Is Disabled !!!
To Enable Use 'sh /jffs/scripts/firewall install'

Debug Data Detected in /jffs/skynet.log - 1.0K
Only New Bans Being Tracked (enable debug mode for connection tracking)
Monitoring From Jun 3 18:50:47 To Jun 3 19:06:24
2 Total Events Detected
2 Unique IPs
2 Autobans Issued
0 Manual Bans Issued

Top 10 Ports Attacked; (Torrent Clients May Cause Excess Hits In Debug Mode)
1x https://www.speedguide.net/port.php?port=50321
1x https://www.speedguide.net/port.php?port=14059

Top 10 Attacker Source Ports;
2x https://www.speedguide.net/port.php?port=25871

Last 10 Unique Connections Blocked;
https://otx.alienvault.com/indicator/ip/117.198.177.69
https://otx.alienvault.com/indicator/ip/183.108.56.143

Last 10 Autobans;
https://otx.alienvault.com/indicator/ip/117.198.177.69
https://otx.alienvault.com/indicator/ip/183.108.56.143

Last 10 Manual Bans;

Last 10 Unique HTTP(s) Blocks;

Top 10 HTTP(s) Blocks;

Top 10 Attackers;
1x https://otx.alienvault.com/indicator/ip/183.108.56.143
1x https://otx.alienvault.com/indicator/ip/117.198.177.69

Skynet: [Complete] 480 IPs / 0 Ranges banned. 0 New IPs / 0 New Ranges Banned. 4510 IP / 0 Range Connections Blocked! [1s]
 


Please enable debug mode via the installer, that's why you are seeing nothing in the logs

Also did you add most of your bans manually? It seems you have 478 the script can't account for (maybe you used the import command?)
 
Here is some of logs after reinstall
Code:
Jun  3 19:41:23 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=87.116.180.110 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=9908 DF PROTO=TCP SPT=45241 DPT=25871 SEQ=3102212361 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40103030001010402) MARK=0x8193005e
Jun  3 19:41:25 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=96.44.159.114 DST=188.2.97.133 LEN=76 TOS=0x00 PREC=0x00 TTL=40 ID=30383 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=96.44.159.114 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=4624 PROTO=UDP SPT=25871 DPT=26948 LEN=28 ] MARK=0x81810002
Jun  3 19:41:28 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=31.13.84.34 DST=188.2.97.133 LEN=60 TOS=0x00 PREC=0x00 TTL=91 ID=0 DF PROTO=TCP SPT=443 DPT=43958 SEQ=2391468734 ACK=3186689630 WINDOW=28960 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080AE5EED7C2010C781401030308) MARK=0x81810002
Jun  3 19:41:30 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=31.13.84.34 DST=188.2.97.133 LEN=308 TOS=0x00 PREC=0x00 TTL=91 ID=63820 DF PROTO=TCP SPT=443 DPT=39243 SEQ=2701171653 ACK=3392044965 WINDOW=122 RES=0x00 ACK URGP=0 OPT (0101080ABFCCC0C0000356CF) MARK=0x818d00de
Jun  3 19:41:30 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=157.55.130.149 DST=188.2.97.133 LEN=481 TOS=0x00 PREC=0x00 TTL=52 ID=59333 DF PROTO=UDP SPT=40030 DPT=46348 LEN=461
Jun  3 19:41:31 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=96.44.159.114 DST=188.2.97.133 LEN=76 TOS=0x00 PREC=0x00 TTL=40 ID=30384 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=96.44.159.114 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=4625 PROTO=UDP SPT=25871 DPT=26948 LEN=28 ]
Jun  3 19:41:32 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=157.55.130.149 DST=188.2.97.133 LEN=481 TOS=0x00 PREC=0x00 TTL=52 ID=59473 DF PROTO=UDP SPT=40030 DPT=46348 LEN=461
Jun  3 19:41:34 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=88.202.231.15 DST=188.2.97.133 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=49396 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=88.202.231.15 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=8257 PROTO=UDP SPT=25871 DPT=37796 LEN=28 ] MARK=0x8193005e
Jun  3 19:41:37 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=88.202.231.15 DST=188.2.97.133 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=49726 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=88.202.231.15 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=8258 PROTO=UDP SPT=25871 DPT=37796 LEN=28 ] MARK=0x81810002
Jun  3 19:41:43 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=88.202.231.15 DST=188.2.97.133 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=49868 PROTO=ICMP TYPE=3 CODE=3 [SRC=188.2.97.133 DST=88.202.231.15 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=8259 PROTO=UDP SPT=25871 DPT=37796 LEN=28 ]
Jun  3 19:41:44 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=31.13.84.34 DST=188.2.97.133 LEN=60 TOS=0x00 PREC=0x00 TTL=91 ID=0 DF PROTO=TCP SPT=443 DPT=43958 SEQ=2391468734 ACK=3186689630 WINDOW=28960 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080AE5EF1642010C781401030308)
Jun  3 19:41:49 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=31.13.84.34 DST=188.2.97.133 LEN=180 TOS=0x00 PREC=0x00 TTL=91 ID=63821 DF PROTO=TCP SPT=443 DPT=39243 SEQ=2701171653 ACK=3392044965 WINDOW=122 RES=0x00 ACK URGP=0 OPT (0101080ABFCD0B00000356CF)
Jun  3 19:41:50 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=210.65.113.218 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=25 ID=0 DF PROTO=TCP SPT=443 DPT=64112 SEQ=2861745885 ACK=1570650249 WINDOW=29200 RES=0x00 ACK SYN URGP=0 OPT (020405B40101040201030307)
Jun  3 19:41:51 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=210.65.113.218 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=25 ID=0 DF PROTO=TCP SPT=443 DPT=64112 SEQ=2861745885 ACK=1570650249 WINDOW=29200 RES=0x00 ACK SYN URGP=0 OPT (020405B40101040201030307)
Jun  3 19:41:53 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=210.65.113.218 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=25 ID=0 DF PROTO=TCP SPT=443 DPT=64112 SEQ=2861745885 ACK=1570650249 WINDOW=29200 RES=0x00 ACK SYN URGP=0 OPT (020405B40101040201030307)
Jun  3 19:41:58 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=210.65.113.218 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=25 ID=0 DF PROTO=TCP SPT=443 DPT=64128 SEQ=3227321726 ACK=2201279678 WINDOW=29200 RES=0x00 ACK SYN URGP=0 OPT (020405B40101040201030307)
Jun  3 19:41:58 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=178.148.174.240 DST=188.2.97.133 LEN=48 TOS=0x00 PREC=0x00 TTL=57 ID=17985 PROTO=UDP SPT=60174 DPT=25871 LEN=28
Jun  3 19:41:58 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=178.148.174.240 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=17986 DF PROTO=TCP SPT=58143 DPT=25871 SEQ=2775458452 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405B40103030801010402)
Jun  3 19:41:59 kernel: [BLOCKED - RAW] IN=eth0 OUT= MAC=d0:17:c2:b2:e3:98:60:73:5c:72:3e:d9:08:00 SRC=210.65.113.218 DST=188.2.97.133 LEN=52 TOS=0x00 PREC=0x00 TTL=25 ID=0 DF PROTO=TCP SPT=443 DPT=64112 SEQ=3002402908 ACK=1570650249 WINDOW=29200 RES=0x00 ACK SYN URGP=0 OPT (020405B40101040201030307)
^C
 
Here is some of logs after reinstall

Also did you add most of your bans manually? It seems you have 478 the script can't account for (maybe you used the import command?)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top