Skynet Skynet security issue: Causing denial of service

[agilani]

ok, it's not letting me edit it

this the actual command to whitelist the ip address that microcenter resolved to for me

firewall whitelist ip 66.194.187.21

 

[Morris]

...since Adamm isn't around...

start by checking your logs and see what the ip block is for the sites that are being blocked and whitelist the ip range

for example, the system log shows outgoing block for x.x.x.x ip address

check and see why its being blocked in skynet

from ssh in the router
"firewall stats search ip x.x.x.x"

it will tell you why skynet is blocking the ip or range

goto myip.ms and see who owns the block and which country or region
check the IP block to see who owns it and the region its from and the range
"https://myip.ms/info/whois/x.x.x.x"

and finally whitelist it if you must
whitelist the ip address or range
"firewall whitelist ip 66.194.187.21"


if you are going to drive a car, you are going to learn how to drive and get a license. We will be testing you on you skynet knowledge when you reach level 2




Here is the exact solution for your problem:

ping www. microcenter.com shows it resolves to 66.194.187.21 (or you can check your logs as i said above)

checking skynet for why its being blocked
admin@RT-AC88U-17F0:/tmp/home/root# firewall stats search ip 66.194.187.21

the result...

blah...blah...blah

Blacklist Reason;
"BanMalware: firehol_level3.netset"

it was blocked because it was reported as malicious by firehol level 3 ipset. Now you can either try to get it removed from the ipset, or you can just whitelist it yourself. Your choice

firewall whitelist ip 175.115.37.52

or remove firehol level 3 as a source if you don't like what they are reporting


either way its really not skynet which is causing the problem

Frankly, I checked for the block using he shell script and white listed the IP. I don't recall seeing the shell script show the list that was blocking it though it may have.

Now, why was did Firehol Level 3 block the IP, what QA do they do before blocking an IP? I visited there site and did not see this.

Thank you,

Morris

 

[Morris]

ok, it's not letting me edit it

this the actual command to whitelist the ip address that microcenter resolved to for me

firewall whitelist ip 66.194.187.21

You can white list it from the skynet script if you ssh in. Just follow the menue.

Morris

 

[joe scian]

Hi Adam

getting this message when trying to install skynet after de-installing skynet.
This installs Skynet - Router Firewall & Security Enhancements
on your router.

Author: Adamm
https://www.snbforums.com/threads/16798
_____________________________________________

Continue? [1=Yes e=Exit] 1

Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
Skynet install failed,
IPSet version on router not supported:

ipset v7.6, protocol version: 7

 

[Treadler]

Hi Adam

getting this message when trying to install skynet after de-installing skynet.
This installs Skynet - Router Firewall & Security Enhancements
on your router.

Author: Adamm
https://www.snbforums.com/threads/16798
_____________________________________________

Continue? [1=Yes e=Exit] 1

Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
Warning: Kernel support protocol versions 6-6 while userspace supports protocol versions 6-7
Skynet install failed,
IPSet version on router not supported:

ipset v7.6, protocol version: 7

Same here on AX88U.
I ‘think’ looking @ GitHub, there might be a fix coming via Merlin.......

 

[joe scian]

Installing via below does not cause the error above in post 24. Only if you try to install using amtm do you get this error. Very strange.
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

 

[Treadler]

Installing via below does not cause the error above in post 24. Only if you try to install using amtm do you get this error. Very strange.
/usr/sbin/curl -s "https://raw.githubusercontent.com/Adamm00/IPSet_ASUS/master/firewall.sh" -o "/jffs/scripts/firewall" && chmod 755 /jffs/scripts/firewall && sh /jffs/scripts/firewall install

Great work! Why didn’t I think of that!
Just stupid, I guess.

 

[SomeWhereOverTheRainBow]

I appreciate your testing for me. The Windows Updates sat like that for days and as soon as I white listed the IP the download started. I've seen Windows Updates pause as well yet never like this.

do you use diversion?. Sometimes there are list used that block windows update at the DNS level. If this is the case, you will not see it with skynet, however by whitelisting the domain in diversion, the issue goes away. This is what i experienced when i had windows update issues.

 

[Morris]

do you use diversion?. Sometimes there are list used that block windows update at the DNS level. If this is the case, you will not see it with skynet, however by whitelisting the domain in diversion, the issue goes away. This is what i experienced when i had windows update issues.

No I do not use Diversion and the issue was clearly Skynet as I cleared the issue by whitelisting the IP that it was blocking. A this was a while ago and I've had multiple false positives using skynet and the recommended lists, I've abandoned it and now use AI protection + DNS black lists and have not had a single false positive or infection (that I'm aware of). As this method is also much easier to monitor I'm much happier.

 

[EmeraldDeer]

My recommendation is

# firewall banmalware exclude firehol_level3.netset

 

[Morris]

My recommendation is

# firewall banmalware exclude firehol_level3.netset

I tried that before giving up on skynet. Commercial services do a much better job of maintaining there lists

Morris