Skynet Use Skynet to continue using infected device but block outbound traffic?


F-4Phantom

Occasional Visitor
I have a thermostat that is one of the notorious ones for getting hacked. The OEM completely stopped all support for it. It's a $700 thermostat, and I like it better than any other one on the market.

Unfortunately it constantly gets infected with malware and turned into part of a botnet. I've been able to temporarily overcome that in the past by flashing new firmware updates. But there are no further updates, and there is zero access to the low-level OS (Android). There is no option for factory reset. And even if there was, the OEM has it locked such that I'd have to call an HVAC company to come out and re-program it for my specific air handler and outdoor units.

I noticed it was sending 30+MB of traffic per day, so I've banned it from the router.

I'm wondering if I can use Skynet to specifically lock it down and blacklist all inbound and outbound traffic to that specific client, and then whitelist only the few IP's or domains that may be needed to restore normal connectivity. I can assign it a static IP if needed.

Is this feasible using Skynet and its logging? That seems like a better option than having to go through all the trouble to get Wireshark up and working and try tracing all the packets.
 

Morris

Senior Member
I have a thermostat that is one of the notorious ones for getting hacked. The OEM completely stopped all support for it. It's a $700 thermostat, and I like it better than any other one on the market.

Unfortunately it constantly gets infected with malware and turned into part of a botnet. I've been able to temporarily overcome that in the past by flashing new firmware updates. But there are no further updates, and there is zero access to the low-level OS (Android). There is no option for factory reset. And even if there was, the OEM has it locked such that I'd have to call an HVAC company to come out and re-program it for my specific air handler and outdoor units.

I noticed it was sending 30+MB of traffic per day, so I've banned it from the router.

I'm wondering if I can use Skynet to specifically lock it down and blacklist all inbound and outbound traffic to that specific client, and then whitelist only the few IP's or domains that may be needed to restore normal connectivity. I can assign it a static IP if needed.

Is this feasible using Skynet and its logging? That seems like a better option than having to go through all the trouble to get Wireshark up and working and try tracing all the packets.

Best would be to get on the device and route default to loopback
Then route specific IPs you want open to the gateway

Next I'd recommend traditional firewall rules

Happy Holidays,

Get a new stat!

Morris
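The "traditional firewall rules" route Morris mentions, written out as an added example for the router shell the OP would already be running Skynet on (ASUSWRT-Merlin, iptables plus ipset). This is not code from the thread, from Skynet, or from the router firmware. It drops everything the thermostat sends toward the WAN except destinations in an allowlist, and logs each drop with a prefix so the destinations the device actually needs can be read out of the router's syslog instead of a packet capture. The device IP (192.168.50.20), the LAN bridge name (br0), the chain and ipset names, and the 203.0.113.10 allowlist entry are all assumed or constructed values; replace them with your own.

```shell
#!/bin/sh
# Added example: per-client egress allowlist with iptables + ipset.
# Not code from the thread, from Skynet, or from ASUSWRT-Merlin.
# Assumed/constructed values (adjust to your LAN):
DEVICE_IP="${DEVICE_IP:-192.168.50.20}"   # static IP given to the thermostat
LAN_IF="${LAN_IF:-br0}"                    # LAN bridge on ASUSWRT-Merlin
CHAIN="TSTAT_LOCKDOWN"                     # custom chain name (assumed)
ALLOW_SET="tstat_allow"                    # ipset of permitted destinations (assumed)
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the commands, 0 = execute them

# Print or execute a command depending on DRY_RUN, so the rules can be
# reviewed before they touch the live firewall.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the allowlist ipset (hash:net so whole prefixes can be added too).
setup_allow_set() {
    run ipset create "$ALLOW_SET" hash:net -exist
}

# Add one IP or CIDR the device is allowed to reach.
allow_dest() {
    run ipset add "$ALLOW_SET" "$1" -exist
}

# Build the chain: keep replies to already-allowed flows, accept listed
# destinations, log everything else at a limited rate, then drop it.
install_chain() {
    run iptables -N "$CHAIN" 2>/dev/null || true   # ignore "chain exists"
    run iptables -F "$CHAIN"
    run iptables -A "$CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A "$CHAIN" -m set --match-set "$ALLOW_SET" dst -j ACCEPT
    run iptables -A "$CHAIN" -m limit --limit 6/min --limit-burst 10 \
        -j LOG --log-prefix "[TSTAT-DROP] " --log-level 4
    run iptables -A "$CHAIN" -j DROP
    # Hook the chain ahead of every existing FORWARD rule, for this source only.
    run iptables -I FORWARD 1 -i "$LAN_IF" -s "$DEVICE_IP" -j "$CHAIN"
}

# Remove the hook and the chain again.
remove_chain() {
    run iptables -D FORWARD -i "$LAN_IF" -s "$DEVICE_IP" -j "$CHAIN"
    run iptables -F "$CHAIN"
    run iptables -X "$CHAIN"
}

# Sanity check: how many generated rules are scoped to the device address.
# Expected to be exactly one (the FORWARD hook); the chain body itself
# matches only because traffic enters it via that hook.
count_device_rules() {
    ( DRY_RUN=1; install_chain ) | grep -c -- "-s $DEVICE_IP"
}

# Dry run by default; run with DRY_RUN=0 on the router to apply.
setup_allow_set
allow_dest 203.0.113.10    # constructed placeholder for an endpoint seen in the log
install_chain
```

Usage: run it once as-is to review the commands, then with DRY_RUN=0 to apply. Afterwards, lines tagged `[TSTAT-DROP]` in the router's syslog show a `DST=` field for each blocked destination; add the ones the thermostat genuinely needs with `allow_dest`, and leave the rest blocked. The rules only cover forwarded (internet-bound) traffic, so DNS lookups against the router itself still work and the log shows resolved addresses rather than bare failures; keeping the device off the rest of the LAN is the job of the guest network or YazFi isolation, not of this chain. Inserting at position 1 of FORWARD puts the chain ahead of whatever Skynet or the firmware has already placed there, so it applies regardless of how those rules are ordered.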
 

L&LD

Part of the Furniture
An IoT device that is notorious for getting hacked? Isn't that all of them? :p

Those devices are not allowed on my network.

Merry Christmas and Happy New Year to new and old members alike!
 

Treadler

Very Senior Member
An IoT device that is notorious for getting hacked? Isn't that all of them? :p

Those devices are not allowed on my network.

Merry Christmas and Happy New Year to new and old members alike!

Yes!

& back at ya.......:)
 

F-4Phantom

Occasional Visitor
Sadly a new t-stat isn't an easy choice. My HVAC has variable speed everything, so that somewhat limits my choices. A Nest is not an option.

I do at least have all my IoT devices segregated on a guest wifi with no access to the rest of the network. I really liked the option in YazFi that allowed me to isolate all IoT devices from each other.
 

F-4Phantom

Occasional Visitor
Best would be to get on the device and route default to loopback
Then route specific IPs you want open to the gateway

Next I'd recommend traditional firewall rules

Happy Holidays,

Get a new stat!

Morris

Could you please explain that in a bit more detail?

Are you suggesting that I route all the device traffic to the router's internal loopback? I have no access to the internals of the device itself.
 
