Skynet Installing Skynet causes router to crash and reboot

[ovancantfort]

Hello,

I encountered a problem some days ago where Entware and Diversion kept disappearing with errors about read-only filesystem. I thought the old USB key i was using may have become defective. Bought another one, reset AMTM with all scripts delete and proceeded to reinstall.
The problem I now face is that every time I try to install Skynet, first amtm shell becomes really sluggish and after a few minutes, my RT-AX58U crashes and reboots. If I leave it like this, it will enter a loop of booting and then crashing after a few minutes. I need to remove the USB key to prevent Skynet from loading to get it back to work.
I am a bit reluctant to reset to factory defaults as I don't have time to spend to to reconfigure everything at the moment. So, I was wondering if there was anything I could check or do before going to such hard measure.
In the system log, the last lines before the reboot are just the firewall start:
Feb 17 18:53:53 rc_service: service 12325:notify_rc restart_firewall
Feb 17 18:53:53 custom_script: Running /jffs/scripts/service-event (args: restart firewall)
Feb 17 18:53:53 custom_script: Running /jffs/scripts/firewall-start (args: ppp0)

Any idea ?

Thanks for your input!

 

[ovancantfort]

I pinpointed the problem. The router crashes when Skynet tries to import the AI Protect ban list. Disabling this option in settings stops the crashing loop.
Now, the question is why does it happen ?

 

[Tech9]

Now, the question is why does it happen ?

The person who knows Skynet best is the author himself - @Adamm.

Information about what else is running on this router may be helpful.

 

[Viktor Jaep]

I pinpointed the problem. The router crashes when Skynet tries to import the AI Protect ban list. Disabling this option in settings stops the crashing loop.
Now, the question is why does it happen ?

It's not really worth all the effort to run this buggy AiProtect stuff on your router. I've turned mine off years ago (don't forget to back out of the eula as well), which in turn makes your router happier and faster.

 

[Quoc Huynh]

It's not really worth all the effort to run this buggy AiProtect stuff on your router. I've turned mine off years ago (don't forget to back out of the eula as well), which in turn makes your router happier and faster.

May I ask do you use any alternatives for AiProtection, apart from Diversion or Skynet? Because I am behind a CG-NAT Internet service provider, thus Skynet seems not to have much benefits to me

 

[Tech9]

Your Skynet behind another router with perhaps all ports from WAN closed is eating only your router's resources. With todays encrypted data AiProtection works more like URL filter. It can't see what's inside the packets. Some say it may protect you from other internal threats, but with signatures updated once per month this may never happen. One thing for sure - Trend Micro will get whatever they need from you. Their data collection daemon starts running the moment you activate any Trend Micro engine features.

 

[Quoc Huynh]

Your Skynet behind another router with perhaps all ports from WAN closed is eating only your router's resources. With todays encrypted data AiProtection works more like URL filter. It can't see what's inside the packets. Some say it may protect you from other internal threats, but with signatures updated once per month this may never happen. One thing for sure - Trend Micro will get whatever they need from you. Their data collection daemon starts running the moment you activate any Trend Micro engine features.

Thank you so much for clarifying it @Tech9! I will turn off AiProtection and use other methods for online protection, such as Diversion and DNSSEC, etc.

 

[Viktor Jaep]

May I ask do you use any alternatives for AiProtection, apart from Diversion or Skynet? Because I am behind a CG-NAT Internet service provider, thus Skynet seems not to have much benefits to me

Skynet would actually be beneficial in your case when it comes to outbound blocking. Sure, it doesn't help with inbound traffic, but you could still be utilizing very good blocklists and/or country lists of hosts that you don't want your clients or devices to be able to get to. I think that's one of Skynet's best features.

But yes, Diversion and Skynet are must-haves to weed out a lot of potential bad sites. From there, making sure your router is exposing no ports to the internet (I think you're good there too), turning off any and all router services that you don't need to minimize the attack landscape, and using best practices on your devices within the network... having multiple layers of good (paid) anti-virus/malware tools in place, frequent automatic updates, no admin credentials (yes, wife and kids live under these rules as well), MFA everything, complex-unique-password everything with password management tools, etc.

 

[Tech9]

I will turn off AiProtection

You don't have to. The data it collects is anonymous. At least this is what they promise. You'll be one of the millions around using their free services and they'll use the data to improve their commercial services. It's very similar to the many antivirus and antimalware "free" tools. You eventually get what you need and pay with your data. It's neither good or bad - this is how it works and it's been like this for years for all similar products. One thing I don't like - Asus doesn't tell in advertisements most of the interesting firmware features are actually provided by 3rd party company and require data sharing agreement. This is wrong. The users find how it works only after the purchase.

 

[Quoc Huynh]

Skynet would actually be beneficial in your case when it comes to outbound blocking. Sure, it doesn't help with inbound traffic, but you could still be utilizing very good blocklists and/or country lists of hosts that you don't want your clients or devices to be able to get to. I think that's one of Skynet's best features.

But yes, Diversion and Skynet are must-haves to weed out a lot of potential bad sites. From there, making sure your router is exposing no ports to the internet (I think you're good there too), turning off any and all router services that you don't need to minimize the attack landscape, and using best practices on your devices within the network... having multiple layers of good (paid) anti-virus/malware tools in place, frequent automatic updates, no admin credentials (yes, wife and kids live under these rules as well), MFA everything, complex-unique-password everything with password management tools, etc.

Thank you so much for your comprehensive advice @Viktor Jaep. I really appreciated that!
Yeah, having updated and well-maintained lists is one of significant factors for me when considering between Skynet and AiProtection. Actually I used Skynet before, however, when realizing that it only blocked inbound traffic (as I was behind CG-NAT) and caused some conflicting issues, I removed it from the router. Recently, after reading new posts about Skynet, especially your advice of buggy, "URL filter" characteristics and slow signature update (thanks to @Tech9) of AiProtection, I decide to try it one more time.
Regarding my devices, all of them have commercial antivirus softwares and auto update turning on. Moreover, I am so scared of the "wild" Internet and arising malwares out there that I do not allow access from WAN to my router at all. My fianceé doesn't like to involve in technical things, so my router is still safe until she may change her mind lately The only things left are few weak passwords which will be edited after this post

 

[Quoc Huynh]

You don't have to. The data it collects is antonymous. At least this is what they promise. You'll be one of the millions around using their free services and they'll use the data to improve their commercial services. It's very similar to the many antivirus and antimalware "free" tools. You eventually get what you need and pay with your data. It's neither good or bad - this is how it works and it's been like this for years for all similar products. One thing I don't like - Asus doesn't tell in advertisements most of the interesting firmware features are actually provided by 3rd party company and require data sharing agreement. This is wrong. The users find how it works only after the purchase.

Thank you very much for your explanation @Tech9! Although I am not too serious about data collection from big firms, I have decided to replace AiProtection with Skynet. Hopefully it is more stable and less conflicting at the moment. In terms of Asus "transperancy", I totally agree with you. They should announce it on their website so that customers can have more information about their privacy before purchasing Asus routers.

 

[aru]

Based on my understanding, Skynet & Diversion processing on the local router tends to provide better stability in network responsiveness. However, when using AiProtection, agreeing to the corresponding data transmission agreement is required. Any internet-related information needs to be uploaded to the cloud for analysis before being sent back to the router. This round-trip process may slightly impact network response time, albeit feeling quite minor. If there is congestion on the cloud server, it raises the question of whether it would also cause fluctuations in the router's internet experience. If there are any inaccuracies, I appreciate the correction from experts with detailed knowledge.

 

[Tech9]

I have decided to replace AiProtection with Skynet

They do different things in a different way. Skynet is not AiProtection replacement. In your case an IP-blocker as Skynet can be used as self-limiting tool outbound. All inbound unsolicited connections are already blocked by your built-in firewall or the firewall of your ISP router upstream. Running AiProtection is better. Although it's not a true IDS/IPS (and it can't be on this hardware regardless of advertisements) it can catch the obvious in some unencrypted packets and block URLs for encrypted.

 

[Quoc Huynh]

They do different things in a different way. Skynet is not AiProtection replacement. In your case an IP-blocker as Skynet can be used as self-limiting tool outbound. All inbound unsolicited connections are already blocked by your built-in firewall or the firewall of your ISP router upstream. Running AiProtection is better. Although it's not a true IDS/IPS (and it can't be on this hardware regardless of advertisements) it can catch the obvious in some unencrypted packets and block URLs for encrypted.

Thank you again for your explanation @Tech9. I thought AiProtection is the same IP-blocker as Skynet but it is not. May I clarify that I should run AiProtection together with Skynet, is it correct?

 

[Kingp1n]

Thank you again for your explanation @Tech9. I thought AiProtection is the same IP-blocker as Skynet but it is not. May I clarify that I should run AiProtection together with Skynet, is it correct?

I've used Diversion, Skynet with AiProtect enabled for quite sometime without any issues. With all the info provided here, with the pros/cons, you must decide what's best in your environment! Best of luck!

Poll: Do you use AiProtection in your ASUS router?

Poll (see above): Do you use AiProtection in your ASUS router? OE

www.snbforums.com

 

[Tech9]

May I clarify that I should run AiProtection together with Skynet, is it correct?

If you don't want to limit your outbound connections - you don't need Skynet. Your WAN is behind NAT with private IP address. Also keep in mind Skynet is IPv4 only. Of you have IPv6 enabled your clients will go around it via IPv6. Before making decisions you have to know how things work. Don't copy someone else's configuration or ideas.

 

[Viktor Jaep]

Before making decisions you have to know how things work. Don't copy someone else's configuration or ideas.

To each their own... and I totally respect your individual choices. Personally, I think AiProtection is a bit of a privacy threat... Here's some more info on the information it "might" collect when you have this feature turned on:

• Product information, such as MAC address, device ID
• Public IP address of the user’s gateway to the internet
• Mobile/PC environment
• Metadata from suspicious executable files
• URLs, Domains and IP addresses of websites visited
• Metadata of user/device managed by gateway Product
• Application behaviours
• Personal information contained within email content or files to which Trend Micro is provided access
• Behaviours of Product users
• Information from suspicious email, including sender and receiver email address, and attachments
• Detected malicious file information
• Detected malicious network connection information
• Debug logs
• Network Architecture/Topology
• Screen capture of errors

Yes, there’s quite a bit of info that can be collected by Trend Micro and you need to agree to it, so their services can work, which are described in detail here:

• Analyse data sent to/from the user’s device to isolate and identify threats, vulnerabilities, suspicious activity and attacks;
• Assess the reputation of a website, email sender’s IP address, device or file to advise the user on whether access should be granted;
• Analyse email to protect against spam, impersonation and other suspicious content;
• Virus protection;
• Intrusion detection, prevention and protection;
• Threat prevention and prediction;
• Network defence;
• Sand box testing (for certain cloud products);
• Storage of emails for back up purposes (certain cloud products);
• Identify, block and/or remove applications, messages, and files that may compromise productivity or the performance and security of computers, systems, and/or networks;
• Identify sources and methods of targeted attacks; and
• Deliver updated protection against malicious threats.

The collected information can also be used for other purposes such as:

• Internal record keeping;
• Compliance with the law and requests from government bodies;
• Product and Service development;
• Keeping existing and past Customers informed about our Products, Services and promotions;
• Providing Customer support;
• Managing subscriptions and billing; and
• Responding to requests, questions and comments.

"Lastly, it’s worth taking a look at with whom is Trend Micro sharing your data. From the Privacy notice, it seems that some data can be shared but only in relation to provide or receive certain services which can include technical support, hosting cloud services, shipping and customer research. The last is a bit ambiguous but overall, it doesn’t seem that Trend Micro will sell your data to ad companies, that’s something that other bigger players are well known to practice and yes, I am talking about Google, Facebook and other social media websites (funny enough, Microsoft and Apple can also be included in this list)."

Article that does a deepdive here...

So yeah... not a huge fan over here. That's why it's off. I already share enough.

 

[Tech9]

So yeah... not a huge fan over here.

I don't have anything running Trend Micro engine. @Quoc Huynh will be running it, eventually.

 

[Quoc Huynh]

Be relaxing guys Since having issues with Skynet before and paying attention to cyber security, I just want to gather more information before making my mind Thank you for mentioning about IPv6 @Tech9. I actually have it enabled in my network. After all, each of them has its pros and cons, as well as different way of action. Thus, I should consider my preferences and choose the more appropriate one to use.

P/s: As you said @Viktor Jaep, I recognise that websites are loaded faster and more responsive when disabling AiProtection.

 

[Viktor Jaep]

Be relaxing guys Since having issues with Skynet before and paying attention to cyber security, I just want to gather more information before making my mind Thank you for mentioning about IPv6 @Tech9. I actually have it enabled in my network. After all, each of them has its pros and cons, as well as different way of action. Thus, I should consider my preferences and choose the more appropriate one to use.

P/s: As you said @Viktor Jaep, I recognise that websites are loaded faster and more responsive when disabling AiProtection.

All in good sport! I want you to make the right choice for your environment/preferences, and I'm sure @Tech9 does too. Also, many times you might have enabled IPv6 on your router or internal devices, but your ISP doesn't support it. Make sure you check with them.