
Skynet - Router Firewall & Security Enhancements

Why would they ban chase.com? It just happened today.
I added the IP address to the Skynet whitelist and it unblocked it.
 
Yeah, it is not listed as a threat on AlienVault.
 
True, but there is still malicious activity associated with that address, and that is why firehol blocked it.
Code:
Exact Matches;
--------------       | ---------                               
| IP Address |       | | List |                               
--------------       | ---------                               
159.53.232.19        | https://iplists.firehol.org/files/taichung.ipset

screenshot-otx-alienvault-com-2019-04-21-13-32-08.png
 
Like I said before ... thank you Adamm, this brilliant firewall addition does its job lol.
 
I think someday, when someone feels creative, we should make a bigger or more noticeable guide section for whitelisting, for both Skynet and Diversion. It seems people do not know that it is something that can be done. Not saying your page isn't good, Adamm; I just think people automatically roll to the end of the thread instead of seeing it in the front.
 
Code:
# firewall stats search ip 159.53.232.27

[i] Debug Data Detected in /tmp/mnt/ent/skynet/skynet.log - 6.7M
[i] Monitoring From Apr 13 22:01:29 To Apr 21 16:33:05
[i] 25312 Block Events Detected
[i] 4559 Unique IPs
[i] 0 Manual Bans Issued

159.53.232.27 is NOT in set Skynet-Whitelist.
159.53.232.27 is in set Skynet-Blacklist.
159.53.232.27 is NOT in set Skynet-BlockedRanges.

Blacklist Reason;
 "BanMalware: taichung.ipset"


Associated Domain(s);
2601:18f:800:b426:1dbc:689a:3094:efb1


[i] IP Location - United States (JPMorgan Chase & Co. / AS10934)

[i] 159.53.232.27 First Tracked On Apr 21 16:30:52
[i] 159.53.232.27 Last Tracked On Apr 21 16:31:27
[i] 12 Blocks Total
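
An added example (not Skynet's own code, and not part of the original posts) of the kind of lookup shown in the output above: it checks an IPv4 address against ipset-style list files and reports which list blocks it, with a whitelist hit taking precedence. The function names, the list contents and the whitelist-first policy are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Skynet's code: look an IPv4 address up in ipset-style
# list files (one address or CIDR per line, '#' starts a comment).

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input
ip_to_int() (
    set -f; IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_list IP FILE: print the first entry of FILE that covers IP, else fail
in_list() (
    ip=$(ip_to_int "$1") || return 2
    while read -r entry _ || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        bits=32; case $entry in */*) bits=${entry#*/} ;; esac
        case $bits in ''|*[!0-9]*|0?*|???*) continue ;; esac
        [ "$bits" -le 32 ] || continue
        net=$(ip_to_int "${entry%/*}") || continue
        mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
        [ $(( $ip & $mask )) -eq $(( $net & $mask )) ] && { echo "$entry"; return 0; }
    done < "$2"
    return 1
)

# triage IP WHITELIST FEED...: a whitelist hit wins over any feed hit (assumed
# policy, matching the thread, where whitelisting unblocked the address)
triage() (
    ip=$1; wl=$2; shift 2
    ip_to_int "$ip" >/dev/null || { echo "error: bad address"; return 2; }
    if hit=$(in_list "$ip" "$wl"); then echo "allowed: whitelist ($hit)"; return 0; fi
    for feed in "$@"; do
        if hit=$(in_list "$ip" "$feed"); then
            echo "blocked: ${feed##*/} ($hit)"; return 1
        fi
    done
    echo "allowed: no match"
)

# Constructed sample lists; their contents are made up for this example.
demo=$(mktemp -d)
printf '%s\n' '# constructed feed' 159.53.232.19 159.53.232.27 > "$demo/taichung.ipset"
printf '%s\n' 198.51.100.0/24 > "$demo/other.ipset"
: > "$demo/whitelist"
triage 159.53.232.27 "$demo/whitelist" "$demo/taichung.ipset" "$demo/other.ipset" || true
```
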
 
So basically you should bank somewhere else, right? Imagine how many banks get attacked though.
 
Was this an address phishing to be Chase but not really Chase?
 
One of the blacklists which Skynet uses is maintained by a school in Taiwan.
According to them, computers from Chase were scanning for Remote Desktop and SSH ports. Which computers were the targets? I don't know.
 
Is there any harm in launching Skynet with
Code:
 /jffs/scripts/firewall start
without the skynetloc parameter? This is after having disabled skynet with
Code:
/jffs/scripts/firewall disable
 
Won't work; Skynet will have no idea where to find the config file, as we store it in the install directory. Use "firewall restart" instead, which restarts the firewall service.
 
That's what I thought, but it seems to do something (in that it does load the iptables rules back) and no errors are thrown. I'll use firewall restart instead though, thanks!
 
I check for the Skynet lockfile in Diversion before I restart it. I do it when the whitelist in Diversion changes. Look for the code in functions.div
 
