YazFi YazFi interaction with Skynet ? ?

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

kernol

Very Senior Member
Trying to track down an interesting issue - Skynet is periodically reporting OUTbound blocks from the public ip of my RT-AC86U. This even after a full factory reset / rescue etc ... and no restores of old settings - plus fully formatted and replaced USB flash stick [so convinced there is no malware on the router which has NEVER been open to WAN and has very strong password.

May be clutching at straws - but occurred to me that just maybe my YazFi settings will obscure the local ip of Guests - and result in Skynet reporting the block as having come from the router itself rather than the ip of a malware infested guest device? Showing my ignorance no doubt - but that's why my avatar says whats on the tin o_O. Here's my YazFi setting for Guest ...
YazFi1.JPG

Skynet outbound blocking only seems to occur on the week days when a certain "guest/employee" hooks up to the guest wifi.
Could I be on the right track?
 

dave14305

Part of the Furniture
It’s probably from Unbound trying to query a server in a blocked IP range. What port was logged in the block?
 

kernol

Very Senior Member
It’s probably from Unbound trying to query a server in a blocked IP range. What port was logged in the block?

Can't tell port - I nuked Skynet and did fresh install before I saw your post - will watch for port next time but assume it would have been 53535.
Unbound would only go look for something if requested by a client or the router itself.

I thought I had eliminated the router itself as a culprit seeking malware sites after clean rebuilds - but when the requests came back on certain days of the week ... I thought it may be a guest client device and that Skynet could not report the actual guest device ip due to my YazFi settings - so reported it as the router's public ip?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top