Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. V

    [Release] Asuswrt-Merlin 380.68 is available

    I do, time to time. This is something with kernel and there is no solution other then restart router.
  2. V

    Yet another malware block script using ipset (v4 and v6)

    You can use next command to monitor malware packets been dropped iptables -vL -t raw If you see chain pkts counter goes up that means your firewall is doing it's thing.
  3. V

    Yet another malware block script using ipset (v4 and v6)

    For the Foscam cameras - they like to keep "heart bit" thingy for the cloud services, kinda thing Foscam using for it's application in order to connect through their hosted server. And it's impossible to turn it off through Foscam UI. Sure thing to block this shady behavior is to not specify...
  4. V

    [Release] Asuswrt-Merlin 380.68 is available

    @Pir8pete Looks like your are leeching and 1900 router does not like it :). Jokes aside, try different router (with more pedigree).
  5. V

    Yet another malware block script using ipset (v4 and v6)

    Also, let's make time when our routers will hit the firehol server for the updates a bit random. Imaging if thousands clients hitting firehol server at exact same time like 0:00 then 6:00 then 12:00 then 18:00. It will look like DoS attack. At least put some random minutes number into your...
  6. V

    Yet another malware block script using ipset (v4 and v6)

    Just tested it and it's working : https://www.snbforums.com/threads/yet-another-malware-block-script-using-ipset-v4-and-v6.38935/page-22#post-348147 Question is this permanent solution, maybe not. Well, anyway we will see.
  7. V

    Yet another malware block script using ipset (v4 and v6)

    We need to find new URLs for ip block list. I guess we have hammered github with read requests and administration does not like it and blocked the repository. PS: well, looks like it's not us reading too much it's automatic script updates lists too often. They contacted Github and waiting on...
  8. V

    AC68U Core 1 or 2 goes 100% after a couple weeks

    Again, there is nothing to see in top command except that one core stuck with high IO.
  9. V

    AC68U Core 1 or 2 goes 100% after a couple weeks

    I have the same issue with AC87R and 380.68. It something with disk IO, somewhere in kernel. There is nothing unusual to see in TOP command other that one CPU is waiting/looping/got stuck on IO. PS: I have an impression that Web UI is kinda facilitated/triggered that bug. Or maybe it got stuck...
  10. V

    Yet another malware block script using ipset (v4 and v6)

    I'm using Merlin's firmware. I'm not familiar with Tomato but looks like in your version there is no iptables-save command. You can ignore the first error, this is just a wget reporting on commented line with level4 list. Then we see script fetched 47k ip list, so this part is working fine...
  11. V

    Yet another malware block script using ipset (v4 and v6)

    Nice job, you are deleting block set from iptables but you forgeting about actual ipset destroying its unused named set.
  12. V

    [Release] Asuswrt-Merlin 380.68 is available

    Looks like the same problem I had: https://www.snbforums.com/threads/ac-rt87r-on-380-68-high-cpu-utilization.41055/ PS: after such event, I usually just delete traffic.db from jffs and let it rebuild again.
  13. V

    AC-RT87R on 380.68 high CPU utilization

    One core stuck at 100%. Does not happened too often. In fact it's third time in a months. Usually router would run for weeks without reboot. Top command shows 50%IO - so looks like CPU got stuck waiting on disk IO. I have external SSD which is used by FTP daemon but when I have unmounted it...
  14. V

    Yet another malware block script using ipset (v4 and v6)

    When previously some "BAD" IP will become "GOOD" one, maybe due to time or other criteria, your router will still treat it as "BAD" until next "overfill" or router reboot. As for me, it's like good reputation - one have to treasure it from the very beginning :).
  15. V

    Yet another malware block script using ipset (v4 and v6)

    Your curl output command with commented out URL as expected - meaning no IP list are downloaded from that URL. Those level1,2,3 and 4 URLs are sources for YAMB block list which later aggregated into YAMalwareBlock 1, 2, 3 etc. lists. YAMB single set cannot hold more then 65k addresses, so it...
  16. V

    Yet another malware block script using ipset (v4 and v6)

    @redhat27, btw, there is small bug in your script. When block IP count goes above 65k you are creating YAMalwareBlock2IP etc. BUT, when other days IP count stays below 65k those YAMalwareBlock2IP, ...3IP etc. sets are still active in drop chain and did not get deleted. I guess this is no biggy.
  17. V

    Yet another malware block script using ipset (v4 and v6)

    That's perfectly normal... This output shows that out of default .urls file with level4 commented out you ONLY have 55323 IP addresses to block this particular time. So, 55323 < 65535 - this way you will have ONLY one YAMalwareBlock1IP active... Some days, when sources IP count goes more then...
  18. V

    Yet another malware block script using ipset (v4 and v6)

    Update: Found false positives which is pretty important for households with Nintendo Switch and kids. It' s block of IPs somehow connected with Nintendo's parental control. If you care you should add it into /jffs/ipset_lists/ya-malware-block.whites. 216.239.32.21 216.239.34.21 216.239.36.21...
  19. V

    [Release] Asuswrt-Merlin 380.67 is now available

    Your AC66U has normal temps even on stock cooling. On other hand, AC87 model is notorious with overheating. So, I was wondering if Andyf66's AC87 router instability can be attributed to high temperatures. My AC87 has lower temps due to active cooling and I did not mingle with DHCP lease time...
  20. V

    Yet another malware block script using ipset (v4 and v6)

    After using this script for a bit longer than a day - I feel lonely... No more scrip-kiddies from all over the world trying to brute-force me :). Before it was like 10 - 30 different IP's. Looks like quality of block lists by FireHOL is really good. So far I have no false positives (using...
Top