What's new

YazFi YazFi interaction with Skynet ? ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kernol

Very Senior Member
Trying to track down an interesting issue - Skynet is periodically reporting OUTbound blocks from the public ip of my RT-AC86U. This even after a full factory reset / rescue etc ... and no restores of old settings - plus fully formatted and replaced USB flash stick [so convinced there is no malware on the router which has NEVER been open to WAN and has very strong password.

May be clutching at straws - but occurred to me that just maybe my YazFi settings will obscure the local ip of Guests - and result in Skynet reporting the block as having come from the router itself rather than the ip of a malware infested guest device? Showing my ignorance no doubt - but that's why my avatar says whats on the tin o_O. Here's my YazFi setting for Guest ...
YazFi1.JPG

Skynet outbound blocking only seems to occur on the week days when a certain "guest/employee" hooks up to the guest wifi.
Could I be on the right track?
 
It’s probably from Unbound trying to query a server in a blocked IP range. What port was logged in the block?
 
It’s probably from Unbound trying to query a server in a blocked IP range. What port was logged in the block?

Can't tell port - I nuked Skynet and did fresh install before I saw your post - will watch for port next time but assume it would have been 53535.
Unbound would only go look for something if requested by a client or the router itself.

I thought I had eliminated the router itself as a culprit seeking malware sites after clean rebuilds - but when the requests came back on certain days of the week ... I thought it may be a guest client device and that Skynet could not report the actual guest device ip due to my YazFi settings - so reported it as the router's public ip?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top