Skynet Skynet - Router Firewall & Security Enhancements

[Sean Rhodes]

Scratch my question guys (fingers in operation before brain in gear) I had the default character set instead of UTF-8.

 

[dave14305]

Scratch my question guys (fingers in operation before brain in gear) I had the default character set instead of UTF-8.

Or it's a new "banner encryption" security feature...

 

[dave14305]

I had another idea as I see my Skynet log is currently at 9.8 MB. What about running Generate_Stats just before resetting the logfile when it's over 10 MB? Otherwise, the data is purged and never included in the stats page, if I'm reading things correctly.

 

[Butterfly Bones]

I had another idea as I see my Skynet log is currently at 9.8 MB. What about running Generate_Stats just before resetting the logfile when it's over 10 MB? Otherwise, the data is purged and never included in the stats page, if I'm reading things correctly.

That is a great idea!

 

[andresmorago]

@andresmorago
That's a good sign.
That means, no outbound connections had to be blocked.
Usually, when a PC is infected with malware, it's trying to download something else or contact a control server. In that case, Skynet tries to block these attempts.
Also, should your browser try to open a malicious website, this attempt would also be blocked and logged under blocked outgoing connections.
You could try to ping a banned IP, then you would see some blocked outgoing connentions.

thanks!

on a different matter, this might be a silly question.
i have an openvpn server running on my router. how do i have skynet protect the vpn clients connected to it? i notice that clients have no outbound/inbound protection at all

 

[cmkelley]

n00B question: I want to hide certain Skynet/firewall log entries from the syslog. In particular, the INBOUND blocks. These all appear to be those "botnets" and random portscanners from *.RU (etc) and I think they are a fact of life in this day and age. However, I still want to see any OUTBOUND blocks by Skynet because that would imply one of my local clients is trying to hit a malware IP. Any suggestions?

Use scribe to install syslog-ng, and customize the Skynet filter to only filter out what you don't want?

 

[randomName]

Does Logging have to be enabled for the WebGUI AND the firewall to work, or just the WebGUI?

 

[dave14305]

Does Logging have to be enabled for the WebGUI AND the firewall to work, or just the WebGUI?

Only the WebUI is dependent on logging for its stats.

 

[randomName]

Only the WebUI is dependent on logging for its stats.

Ok, thanks! Just wanted to double check on that

 

[KGB7]

Try a reinstall Option 14 or a forced update Option 10.

Reinstalled it. Forced update it. Restarted it.

Still getting same error; IPTables Rules | [Failed]


Router Model; RT-AC68U
Skynet Version; v7.1.6 (16/04/2020) (f90f2d74ad9bd63b2fc353ee7d84e863)
iptables v1.4.15 - ( @ 192.160.100.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.4)
FW Version; 384.16_0 (Apr 5 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (1.5G / 3.7G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)

 

[Adamm]

Reinstalled it. Forced update it. Restarted it.

Still getting same error; IPTables Rules | [Failed]


Router Model; RT-AC68U
Skynet Version; v7.1.6 (16/04/2020) (f90f2d74ad9bd63b2fc353ee7d84e863)
iptables v1.4.15 - ( @ 192.160.100.1)
ipset v6.32, protocol version: 6
IP Address; (192.168.100.4)
FW Version; 384.16_0 (Apr 5 2020) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/sda1/skynet (1.5G / 3.7G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (2.0G)

Post the full debug info output along with any related messages in your syslog.

 

[Adamm]

I had another idea as I see my Skynet log is currently at 9.8 MB. What about running Generate_Stats just before resetting the logfile when it's over 10 MB? Otherwise, the data is purged and never included in the stats page, if I'm reading things correctly.

Bit of an edge case, but I've gone ahead and added it anyway

thanks!

on a different matter, this might be a silly question.
i have an openvpn server running on my router. how do i have skynet protect the vpn clients connected to it? i notice that clients have no outbound/inbound protection at all

Skynet filters all clients connected to the routers OpenVPN server.

 

[ryosuke]

just to check, do i need to keep my USB on the router after installing skynet?

 

[Adamm]

just to check, do i need to keep my USB on the router after installing skynet?

Yes thats where Skynet stores its files.

 

[ryosuke]

Yes thats where Skynet stores its files.

oh, ok. i didnt keep it there. haha. and if i wanted to change another USB for the router. can i do it?

 

[Adamm]

oh, ok. i didnt keep it there. haha. and if i wanted to change another USB for the router. can i do it?

Yes just run the install command again.

 

[jjulez]

Is there a list on which Asus this works on, i'm using RT-AC86U

 

[L&LD]

See the first post.

The RT-AC86U is supported by the current RMerlin firmware, v384.16_0.

 

[jjulez]

I am running Merlin,just wanted to make sure skynet works on the 86u

 

[KGB7]

Post the full debug info output along with any related messages in your syslog.

Select Debug Option:
[1] --> Show Log Entries As They Appear
[2] --> Print Debug Info
[3] --> Cleanup Syslog Entries
[4] --> SWAP File Management
[5] --> Backup Skynet Files
[6] --> Restore Skynet Files

[1-6]: 1

[*] Skynet Not Running - Exiting

admin@RT-AC68U:/tmp/home/root#


---------------------------------------------

Im going to do another full reinstall and get back to you with results.


edit;
Did a full reinstall and still running in to same exact issue.