What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes I’m same as you, I also wouldn’t be worried to allow password authentication for ssh connections inside my trusted LAN especially since webui already allows it anyway. On my workstation I do use key authentication for ssh but I set that up only because I could, to learn how, and I turned off password authentication for ssh simply because I didn’t need it. If there was a compelling use for Siri shortcuts with the router I would allow it.

Honestly key based authentication isn’t any more convenient nor passwordless when you follow the best practice of creating an encrypted key that requires a password to use. That way if .ssh directory gets copied nobody could use it anyway. It was just a learning experience.
Accessing a remote server with key is standard, I would not leave password login enabled on my servers at the hosting center. But that's not what I meant with the Workstation. If it's a Windows or even Linux machine, one logs into it with a username and password, not a key on a USB stick to authenticate. There are exceptions of course. I'm sure RMS uses a similar way to unlock his Laptop.
 
The commands are very limited in Shortcuts. AFAIK there are no direct commands like rm -rf / or such devastating things.
I just use the Diversion commands available with 'diversion help', and maybe extend it for the iOS app use.


I'm using home-assistant to control my router remotely - should work with Alexa/Google Assistant integration as well.
It's just a switch to enable/disable firewall, adbock or vpn.



upload_2019-2-17_12-11-32.png

https://community.home-assistant.io/t/asuswrt-control-your-router-with-custom-switches/82351
 
Progress my friend.
Apart from that, Diversion uses the exact same hooks to enable ad-blocking as AB-Solution did. A few extra lines in dnsmasq.conf. That's all. I see no reason why Diversion would be different in any way than its predecessor was.
 
That involves a Giant I would not trust in my home. Certainly not when listening for voice commands. Siri is deactivated on all devices I have.
As I said should work.... I'm not using it for voice :)

Just a simple local web interface to simply activate/de-activate switches together with other smarthome switches
 
@thelonelycoder thanks entirely to your Diversion script I noticed a Mac was frequently contacting strange domains never before seen on the internet. It turned out to be very very infected with malware. No wonder it had slowed down. As I always say Macs are not immune if you’re reckless. The kid had installed python wine mono, then adobe flash-player stupid auto-clickers pirated-rom-emulators and other random pointless things which resided in a ton of buried clearly maliciously named directories (getfukt) and processes running at boot-time which refuse to be killed. They had tried and failed to secretly remove the viruses by themself.

So thank you Diversion, along with Skynet for its logs and IP blocking.
 
Accessing a remote server with key is standard, I would not leave password login enabled on my servers at the hosting center. But that's not what I meant with the Workstation. If it's a Windows or even Linux machine, one logs into it with a username and password, not a key on a USB stick to authenticate. There are exceptions of course. I'm sure RMS uses a similar way to unlock his Laptop.

Oh sorry I misunderstood you, I thought you asked if I login to the router from my workstation with a key. No I don’t login to my workstation with a physical key such as Yubikey or similar. I use password and also have fingerprint reader.
 
@thelonelycoder thanks entirely to your Diversion script I noticed a Mac was frequently contacting strange domains never before seen on the internet. It turned out to be very very infected with malware. No wonder it had slowed down. As I always say Macs are not immune if you’re reckless. The kid had installed python wine mono, then adobe flash-player stupid auto-clickers pirated-rom-emulators and other random pointless things which resided in a ton of buried clearly maliciously named directories (getfukt) and processes running at boot-time which refuse to be killed. They had tried and failed to secretly remove the viruses by themself.

So thank you Diversion, along with Skynet for its logs and IP blocking.

Wow. Proof that Macs do indeed need anti-virus. You’ve prompted me to properly explore the logging facilities.

You wrote, “I noticed a Mac was frequently contacting strange domains never before seen on the internet.” Was the malware actually making contact or was the request being intercepted thanks to the blocklist?
 
Last edited:
Accessing a remote server with key is standard, I would not leave password login enabled on my servers at the hosting center. But that's not what I meant with the Workstation. If it's a Windows or even Linux machine, one logs into it with a username and password, not a key on a USB stick to authenticate. There are exceptions of course. I'm sure RMS uses a similar way to unlock his Laptop.
Last time I worked with NASA folks, they had to insert their common access card into a card reader on their laptops, and supply a username/password combination in order to log in. :)
 
Wow. Proof that Macs do indeed need anti-virus. You’ve prompted me to properly explore the logging facilities.

You wrote, “I noticed a Mac was frequently contacting strange domains never before seen on the internet.” Was the malware actually making contact or was the request being intercepted thanks to the blocklist?

In my opinion you generally do not need antivirus software installed on MacOS, there are plenty of better ways and firewall softwares to lock down MacOS and enhance security.

It was making contact with the domains freely. I manually blacklisted them. I was just lucky they contacted frequently enough to appear in the stats and get my attention.
 
In my opinion you generally do not need antivirus software installed on MacOS, there are plenty of better ways and firewall softwares to lock down MacOS and enhance security.

It was making contact with the domains freely. I manually blacklisted them. I was just lucky they contacted frequently enough to appear in the stats and get my attention.
Many thanks. Yes, I see: you were indeed lucky to spot them, having, myself, seen how quickly such log entries can flash by. And all the more credit that you investigated and didn’t merely assume that, because they didn’t get blocked, they must be benign and non-malicious.

“there are plenty of better ways and firewall softwares to lock down macOS and enhance security.” eg not letting your kids within a mile of them?
 
Last edited:
Progress my friend.
Apart from that, Diversion uses the exact same hooks to enable ad-blocking as AB-Solution did. A few extra lines in dnsmasq.conf. That's all. I see no reason why Diversion would be different in any way than its predecessor was.
Yes, dnsmasq seems to create problem on 4.0.7 probably from higher resources need. I created SWAP. I hope that now, it will work. Never needed SWAP before (from AB-Solution until Diversion 4.0.5)
If it is still creating problems I will migrate the version 4.0.5 from other router AC88U which is not updated yet to 4.0.7
Thank you anyway for your work!
 
Many thanks. Yes, I see: you were indeed lucky to spot them, having, myself, seen how quickly such log entries can flash by. And all the more credit that you investigated and didn’t merely assume that, because they didn’t get blocked, they must be benign and non-malicious.

“there are plenty of better ways and firewall softwares to lock down macOS and enhance security.” eg not letting your kids within a mile of them?

:D Haha but nooooo, far better that (young) people use computers as often as possible to get experience... only so long as they’re prepared to learn how to keep safe. Yes it might be frustrating. The time to remove network access is when they protest and refuse to listen and learn or change their behaviors. Some people genuinely do not care or comprehend consequences. I recall one person wishing to ignore numerous antivirus scan results and keep a half dozen detected malwares on their PC because they “have everything set up the way they like it”. Unacceptable considering it was used to work at home after-hours on spreadsheets for a large business.
 
Last edited:
Hi,

I'm getting today this error when trying to access diversion.
Strange because everything was working just perfect, and amtm as well as diversion are up to date

Update: I've pasted the install command for diversion and now I can access it but pixelserv-tls now is not starting up at all.


3f341294d57e9c18e0f43a6fee1b5fe3.jpg


Sent from S.G. S9+ Duos
 
Last edited:
Hi,

I'm getting today this error when trying to access diversion.
Strange because everything was working just perfect, and amtm as well as diversion are up to date

Sent from S.G. S9+ Duos

Did you do a disk check on your USB drive? Looks like something is corrupted. If there is nothing wrong with the file system try to reinstall diversion again.
 
Did you try rebooting the router via the GUI? How about a hard reboot (pull the power plug and wait a few minutes before plugging it back in).
 
Hi, reading thru the FAQ, there seems to be conflicting info?

In question 4)
But in question 0)
Kinda confused, not sure which one to set ( leave WAN / DNS Blank or use custom DNS. )

Thanks!

In the LAN section you should set DNS Filtering to On and the Router as the Global Filter. That way, it doesn’t matter what the devices’ DNS settings are: such settings will be overridden and the device will be forced to go to the router to find out which DNS server it is to use. That way the device is also forced to have all its DNS requests “vetted” by Diversion.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top