Skynet - Router Firewall & Security Enhancements

This obfuscation of real threats is a side effect of blocking by country. Oh well.

If you look at the blocked connections with large numbers of hits, none of these were blocked due to a country ban. Only some recent 'unique' connections have been country blocked.
 
Thanks, Adamm. Yes, this is over 8000 blocks from internet devices. I have several smart plugs (isolated on a guest IoT network), so maybe these are the culprits?

Code:
=============================================================================================================

Last 10 Unique Connections Blocked (Outbound);

--------------       | --------------                                          | --------------                       
| IP Address |       | | AlienVault |                                          | | Ban Reason |                       
--------------       | --------------                                          | --------------                       

185.126.112.98  (UA) | https://otx.alienvault.com/indicator/ip/185.126.112.98  | Country: cn cz br hk kp kr mx ro ru ua*
45.127.112.23   (US) | https://otx.alienvault.com/indicator/ip/45.127.112.23   | Country: cn cz br hk kp kr mx ro ru ua*
185.82.172.118  (RO) | https://otx.alienvault.com/indicator/ip/185.82.172.118  | Country: cn cz br hk kp kr mx ro ru ua*
185.184.223.140 (BR) | https://otx.alienvault.com/indicator/ip/185.184.223.140 | *                                   
45.127.113.23   (US) | https://otx.alienvault.com/indicator/ip/45.127.113.23   | *                                   
202.89.233.97   (CN) | https://otx.alienvault.com/indicator/ip/202.89.233.97   | *                                   
200.229.248.10  (BR) | https://otx.alienvault.com/indicator/ip/200.229.248.10  | Country: cn cz br hk kp kr mx ro ru ua*
200.189.41.10   (BR) | https://otx.alienvault.com/indicator/ip/200.189.41.10   | *                                   
200.219.159.10  (BR) | https://otx.alienvault.com/indicator/ip/200.219.159.10  | *                                   
200.219.154.10  (BR) | https://otx.alienvault.com/indicator/ip/200.219.154.10  | *                                   

=============================================================================================================

Last 10 Unique HTTP(s) Blocks (Outbound);

--------------       | --------------                                          | --------------                       
| IP Address |       | | AlienVault |                                          | | Ban Reason |                       
--------------       | --------------                                          | --------------                       

191.232.139.2   (IE) | https://otx.alienvault.com/indicator/ip/191.232.139.2   | *                                   
101.37.45.168   (CN) | https://otx.alienvault.com/indicator/ip/101.37.45.168   | *           

=============================================================================================================

Top 10 HTTP(s) Blocks (Outbound);

--------   | --------------       | --------------                                          | --------------         
| Hits |   | | IP Address |       | | AlienVault |                                          | | Ban Reason |         
--------   | --------------       | --------------                                          | --------------         

150x       | 101.37.45.168   (CN) | https://otx.alienvault.com/indicator/ip/101.37.45.168   | *                       
70x        | 191.232.139.2   (IE) | https://otx.alienvault.com/indicator/ip/191.232.139.2   | *                       

=============================================================================================================

Top 10 Blocks (Outbound);

--------   | --------------       | --------------                                          | --------------         
| Hits |   | | IP Address |       | | AlienVault |                                          | | Ban Reason |         
--------   | --------------       | --------------                                          | --------------         

503x       | 106.122.250.80  (CN) | https://otx.alienvault.com/indicator/ip/106.122.250.80  | *                       
502x       | 203.130.50.2    (CN) | https://otx.alienvault.com/indicator/ip/203.130.50.2    | *                       
502x       | 122.138.54.46   (CN) | https://otx.alienvault.com/indicator/ip/122.138.54.46   | *                       
453x       | 37.235.105.200  (CZ) | https://otx.alienvault.com/indicator/ip/37.235.105.200  | *                       
453x       | 37.235.105.100  (CZ) | https://otx.alienvault.com/indicator/ip/37.235.105.100  | *                       
198x       | 203.119.159.121 (CN) | https://otx.alienvault.com/indicator/ip/203.119.159.121 | *                       
195x       | 106.11.41.153   (CN) | https://otx.alienvault.com/indicator/ip/106.11.41.153   | *                       
192x       | 140.205.29.116  (CN) | https://otx.alienvault.com/indicator/ip/140.205.29.116  | *                       
188x       | 140.205.1.6     (CN) | https://otx.alienvault.com/indicator/ip/140.205.1.6     | *                       
187x       | 121.29.51.141   (CN) | https://otx.alienvault.com/indicator/ip/121.29.51.141   | *                       

=============================================================================================================

Top 10 IOT Blocks (Outbound);

--------   | --------------       | --------------                                          | --------------         
| Hits |   | | IP Address |       | | AlienVault |                                          | | Ban Reason |         
--------   | --------------       | --------------                                          | --------------         

19x        | 3.83.64.110     (US) | https://otx.alienvault.com/indicator/ip/3.83.64.110     | Country: cn cz br hk kp kr
4x         | 212.58.244.81   (GB) | https://otx.alienvault.com/indicator/ip/212.58.244.81   | *                       
1x         | 52.57.38.165    (DE) | https://otx.alienvault.com/indicator/ip/52.57.38.165    | *                       

=============================================================================================================

Top 10 Blocked Devices (Outbound);

--------   | ------------     | ---------------                                           
| Hits |   | | Local IP |     | | Device Name |                                           
--------   | ------------     | ---------------                                           

7104x      | 192.168.178.2    | RT-AC86U                                                 
156x       | 192.168.1.152    | AndroidProjector                                                 
70x        | 192.168.1.50     | NIX                                                       

=============================================================================================================
If you look at the blocked connections with large numbers of hits, none of these were blocked due to a country ban. Only some recent 'unique' connections have been country blocked.


The majority of hits are due to country bans (mainly China) from devices connected behind your RT-AC86U AP(?). The reason the ban reasons for some entries aren't showing is due to a limitation in how we try to scan for them on a "best effort" basis, which isn't as reliable on large subnets.
 
Cheers for your input. I guess I will leave it alone until I see issues with any of the devices. I just found it quite alarming to see so many hits in such a short space of time.

I presume the script cannot identify the names of devices located on a different subnet (i.e. the IoT guest network) so it just shows up as the AC86U. The device 'NIX' is actually my main laptop.
 
I presume the script cannot identify the names of devices located on a different subnet (i.e. the IoT guest network) so it just shows up as the AC86U.

Correct, when Skynet processes the information all it sees is 192.168.178.2 unfortunately.
 
@Adamm, I just saw a minor update for Skynet via amtm. (Note scrolling back to copy the before update info, much is gone when Skynet does the "clear" after some menu choice)
Code:
Router Model; RT-AC86U
Skynet Version; v7.1.1 (20/02/2020) (3a99c0f863d3ad02c98ee0a8a88bdfc7)
=========================================================================================================
Router Model; RT-AC86U
Skynet Version; v7.1.1 (20/02/2020) (0bc267f6f8b1d92762ac8f87ed3541e2)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; xx.yy.xxx.yyy)
FW Version; 384.15_0 (Feb 8 2020) (4.1.27)
Install Dir; /tmp/mnt/SNB/skynet (11.1G / 14.0G Space Available)
SWAP File; /tmp/mnt/SNB/myswap.swp (2.0G)
Scribe logging has stopped, and a cat of the /opt/var/log/ directory shows no logging, only a kernel error.
Code:
@RT-AC86U-4608:/tmp/home/root# cat /opt/var/log/skynet-0.log
Feb 19 12:12:41 RT-AC86U-4608 kernel: P           O    4.1.27 #2
1685 DPT=2245 SEQ=2769179062 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
1010402) MARK=0x8000000
000
Here is the /tmp/mnt/SNB/skynet.log (my USB thumb drive where all add on scripts are installed). Note the last entry is 0820, it is 0920 here now.
Code:
Feb 20 08:27:10 RT-AC86U-4608 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=192.3.204.74 DST=xx.yy.xxx.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40859 PROTO=TCP SPT=50916 DPT=4303 SEQ=958249575 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Feb 20 08:27:23 RT-AC86U-4608 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=104.168.65.186 DST=xx.yy.xxx.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17765 PROTO=TCP SPT=50821 DPT=9593 SEQ=3436926255 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Feb 20 08:28:02 RT-AC86U-4608 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=177.102.184.94 DST=xx.yy.xxx.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=29685 DF PROTO=TCP SPT=48423 DPT=80 SEQ=1169112329 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x8000000
 
Sounds like a scribe issue, nothing major has changed in relation to Skynet.
 
I had that too for a while. A reboot solved it.
 
Sounds like a scribe issue, nothing major has changed in relation to Skynet.
Sigh, I have rebooted more times in the last two days than the last two years...
I had that too for a while. A reboot solved it.
Still no logging into webgui, /opt/var/log/skynet.log or /tmp/mnt/SNB/skynet/skynet.log

Time to remove all add ons (sigh...)
 
I removed everything except Diversion and Skynet, rebooted. Watching webgui syslog. It is now 1101 PST.
Last Skynet logging at 1024 PST.
Code:
usere@RT-AC86U-4608:/tmp/home/root# tail -n5 /tmp/mnt/SNB/skynet/skynet.log
Feb 20 10:23:29 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=xx.yy.xx.yyy DST=71.93.53.51 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52875 DF PROTO=TCP SPT=2147 DPT=8291 SEQ=3436195759 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x8000000
Feb 20 10:23:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=185.56.80.49 DST=xx.yy.xx.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=29061 DPT=8089 SEQ=3850041684 ACK=1607476027 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
Feb 20 10:24:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=223.71.167.164 DST=xx.yy.xx.yyy LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=32709 PROTO=TCP SPT=43568 DPT=1023 SEQ=3239492424 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Feb 20 10:24:12 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=193.29.15.169 DST=xx.yy.xx.yyy LEN=67 TOS=0x00 PREC=0x00 TTL=45 ID=40043 DF PROTO=UDP SPT=49832 DPT=53 LEN=47 MARK=0x8000000
Feb 20 10:24:39 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=88:d7:f6:1d:46:08:00:01:5c:6d:22:46:08:00 SRC=195.54.166.5 DST=xx.yy.xx.yyy LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10142 PROTO=TCP SPT=55386 DPT=4131 SEQ=1370751630 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
 
@Butterfly Bones, no issues here with all updates applied.

A little lost on your progress here. Is this the USB drive or the SSD? Was JFFS formatted on the next boot?

How many 'dirty' upgrades in a row so far to v384.15_0? :)
 
I too have a problem like this but I think it's a scribe issue. If you have scribe installed and virtually no skynet log entries, if you log into ssh and enter skynet and reload the menu your blocks and everything will start to appear.
 
Skynet.log is "not" a realtime log. That's normal as far as what I see, the same behaviour, eventually it will again populate to a point.
 
Skynet.log is "not" a realtime log. That's normal as far as what I see, the same behaviour, eventually it will again populate to a point.

Correct, that file is populated every time Purge_Logs() is run which happens during the hourly cronjob or when manually issuing commands.
 
skynet-0.log is the realtime log ...
 
@Butterfly Bones, no issues here with all updates applied.

A little lost on your progress here. Is this the USB drive or the SSD? Was JFFS formatted on the next boot?

How many 'dirty' upgrades in a row so far to v384.15_0? :)
Factory reset router, format jffs partition, format USB drive all yesterday. I do not have the SSD in now, it was originally for TimeMachine backups, and when this is solved, will be used only for that again.

I did "restore" some of my /jffs/scripts/ by opening the backups of the directory on my Linux desktop, then using nano to edit or create the scripts on the AC86U, so no direct copy.

I did copy the /tmp/mnt/SNB/skynet/Skynet-Backup.tar.gz to the USB and used the Skynet menu to restore it. I copied the /tmp/mnt/SNB/entware/share/diversion/list/blacklist and /tmp/mnt/SNB/entware/share/diversion/list/whitelist from the desktop to the same directories on the router after a clean Diversion install, and processed all lists in Diversion "el > 4".

As stated above, I am looking at /tmp/mnt/SNB/skynet/skynet.log where, from searching earlier in this thread (here), Adamm states this is where Skynet writes its log, and that purges and hourly events are saved in /tmp/mnt/SNB/skynet/events.log.

/tmp/mnt/SNB/skynet/skynet.log stopped logging at 1024 PST. No Scribe installed, the webgui is at /tmp/syslog.log.

Here is where /tmp/syslog stops Skynet logging.
Code:
Feb 20 10:23:38 rc_service: service 7532:notify_rc restart_firewall
Feb 20 10:23:38 custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Feb 20 10:23:38 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Feb 20 10:23:38 custom_script: Running /jffs/scripts/nat-start
Feb 20 10:23:38 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Feb 20 10:23:59 Skynet: [#] 123084 IPs (+0) -- 1524 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [21s]
Feb 20 10:25:05 dropbear[10058]: Child connection from 192.168.1.XX:42714
Feb 20 10:25:15 dropbear[10058]: Bad password attempt for 'user_name' from 192.168.1.XX:42714
Feb 20 10:25:24 dropbear[10058]: Bad password attempt for 'user_name' from 192.168.1.XX:42714
Feb 20 10:25:35 dropbear[10058]: Password auth succeeded for 'user_name' from 192.168.1.XX:42714
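
Added example (not part of the thread and not Skynet's own code): a shell script that tallies `[BLOCKED - ...]` lines in the format posted above and measures how long ago the last one was written, so a gap can be compared with the hourly cron interval mentioned in this thread. The function names, the constructed sample log, the same-day timestamp handling and the 60-minute default are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise Skynet-style iptables log lines and check log freshness.

# Constructed sample in the format shown in the thread (documentation addresses only).
sample_log() {
cat <<'EOF'
Feb 20 10:23:29 kernel: [BLOCKED - INVALID] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=40 PROTO=TCP SPT=2147 DPT=8291 SYN URGP=0 MARK=0x8000000
Feb 20 10:23:33 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 LEN=40 PROTO=TCP SPT=29061 DPT=8089 SYN URGP=0 MARK=0x8000000
Feb 20 10:24:12 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.9 LEN=67 PROTO=UDP SPT=49832 DPT=53 LEN=47 MARK=0x8000000
Feb 20 10:24:39 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.200 DST=203.0.113.9 LEN=40 PROTO=TCP SPT=55386 DPT=4131 SYN URGP=0 MARK=0x8000000
Feb 20 10:25:05 dropbear[10058]: Child connection from 192.168.1.10:42714
EOF
}

# Print "<TAG> <count>" for every [BLOCKED - TAG] prefix found in the file.
count_by_tag() {
    awk '
        match($0, /\[BLOCKED - [A-Z]+\]/) {
            # "[BLOCKED - " is 11 characters; drop it and the closing "]".
            tag = substr($0, RSTART + 11, RLENGTH - 12)
            n[tag]++
        }
        END { for (t in n) print t, n[t] }
    ' "$1" | sort
}

# Print "<count> <source IP>" for the N most frequently blocked sources (default 10).
top_sources() {
    awk '
        /\[BLOCKED - / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { n[substr($i, 5)]++; break }
        }
        END { for (s in n) print n[s], s }
    ' "$1" | sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Minutes between the last BLOCKED line and a given HH:MM "now".
# Assumes both times fall within 24 hours; prints -1 if the file has no BLOCKED lines.
minutes_since_last_block() {
    awk -v now="$2" '
        /\[BLOCKED - / { last = $3 }   # field 3 is the syslog HH:MM:SS
        END {
            if (last == "") { print "-1"; exit }
            split(last, t, ":"); split(now, c, ":")
            d = (c[1] * 60 + c[2]) - (t[1] * 60 + t[2])
            if (d < 0) d += 1440       # crossed midnight
            print d
        }
    ' "$1"
}

# Succeeds (exit 0) when the log is empty or older than MAX minutes (default 60).
log_is_stale() {
    gap=$(minutes_since_last_block "$1" "$2")
    [ "$gap" -lt 0 ] || [ "$gap" -gt "${3:-60}" ]
}

# Demo on the constructed sample, using the 11:01 check time quoted in the thread.
log=$(mktemp) && sample_log > "$log"
count_by_tag "$log"
top_sources "$log" 3
if log_is_stale "$log" 11:01; then
    echo "log is stale"
else
    echo "last block $(minutes_since_last_block "$log" 11:01) min ago, within the hourly window"
fi
rm -f "$log"
```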
 
Hi,

With Skynet already installed and blocking inbound, how can you (can you?) turn on outbound blocking? I don't see anything in the menus.

Thanks,
Anton
 
Open Skynet

11 > 4 gives this.
Code:
Select Filter Option:
[1]  --> All Traffic
[2]  --> Inbound
[3]  --> Outbound
 
I have had a script add on boondoggle this morning, what fun.

Finally removed the SSD that was running everything, went back to the USB thumb drive I used before. Had to format it on my Linux box, then was able to format it with AMTM.

Now Skynet thinks it is installed, how can I get whatever the @#$%&! causes this removed?!
Code:
#########################################################################################################
#                                                                                                       #
#                  ███████╗██╗  ██╗██╗   ██╗███╗   ██╗███████╗████████╗    ██╗   ██╗███████╗            #
#                  ██╔════╝██║ ██╔╝╚██╗ ██╔╝████╗  ██║██╔════╝╚══██╔══╝    ██║   ██║╚════██║            #
#                  ███████╗█████╔╝  ╚████╔╝ ██╔██╗ ██║█████╗     ██║       ██║   ██║    ██╔╝            #
#                  ╚════██║██╔═██╗   ╚██╔╝  ██║╚██╗██║██╔══╝     ██║       ╚██╗ ██╔╝   ██╔╝             #
#                  ███████║██║  ██╗   ██║   ██║ ╚████║███████╗   ██║        ╚████╔╝    ██║              #
#                  ╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═╝  ╚═══╝╚══════╝   ╚═╝         ╚═══╝     ╚═╝              #
#                                                                                                       #
#                                 Router Firewall And Security Enhancements                             #
#                             By Adamm -  https://github.com/Adamm00/IPSet_ASUS                         #
#                                            20/02/2020 - v7.1.1                                        #
#########################################################################################################
Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 1 Of 10 )
Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )

The USB was formatted three times, with a fresh install of AMTM and Diversion.

I have this exact problem, it's been driving me insane. I see that you did manage to fix it by deleting certain things in the jffs. Could you walk a jffs editing newbie through your fix?
 
You need to remove the Skynet line from /jffs/scripts/firewall-start
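
Added example (not from the thread and not part of Skynet): one way to carry out the step above from an SSH session, listing the matching lines first and keeping a backup before anything is changed. It assumes the leftover hook line contains the word "skynet" in any case; the function names and the sample script contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove leftover Skynet hook lines from a firewall-start script.
# Assumption: the hook line contains the word "skynet" (any case).

# Show matching lines with their line numbers; changes nothing.
# Review this output first in case one of your own lines also mentions skynet.
list_skynet_lines() {
    grep -in 'skynet' "$1"
}

# Back up the script to <file>.bak, then drop every matching line.
# Returns 1 if the file is missing or the backup fails, 2 if nothing matched.
remove_skynet_lines() {
    file=$1
    [ -f "$file" ] || return 1
    grep -qi 'skynet' "$file" || return 2
    cp -p "$file" "$file.bak" || return 1
    # Filter from the backup into the original path so the file keeps its
    # owner and executable bit. grep -v exits 1 if no lines remain; that is fine.
    grep -vi 'skynet' "$file.bak" > "$file"
    # Succeed only if no matching line is left.
    ! grep -qi 'skynet' "$file"
}

# Constructed stand-in for /jffs/scripts/firewall-start (contents are illustrative).
demo_script() {
cat <<'EOF'
#!/bin/sh
logger "firewall-start ran"
sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/SNB/skynet # Skynet
EOF
}

# Demo on a temporary copy; on the router the argument would be
# /jffs/scripts/firewall-start.
f=$(mktemp) && demo_script > "$f"
list_skynet_lines "$f"
remove_skynet_lines "$f" && echo "hook removed, backup at $f.bak"
cat "$f"
rm -f "$f" "$f.bak"
```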
 
