Skynet New Skynet 7.6.3 Release

[visortgw]

@visortgw
I hear what you are saying, but before I do that I would like to understand why in my old situation everything worked perfect, and after the installation of my new Asus router it doesn't, could you possibly explain this to me

It is possible that your ISP reverted to the default modem configuration when you changed MAC address by replacing the router.

 

[Toby the Cat]

Maybe you made some configurations on the cable modem to forward all traffic to the IP of the old router, which would probably be different now due to a new Asus MAC address. It’s not the router. Something with the cable modem needs changing, probably because the router is not the same physical device as before.

@dave14305
Your remark together with @visortgw made me think, what would happen when I put the IP from my RT-AX88U Pro in the cable router DMZ....

And look what's happening

My old RT-AC86U was never in the DMZ in my cable modem, I have idea why, but at least the logfile is filling with data, one happy customer

Below the stats via Skynet interface in AMTM, in the router webinterface the logfile is still 0 bytes but I think that will soon change

THANK YOU ALL VERY MUCH !!!

Select Stat Option:
[1] --> Display
[2] --> Search
[3] --> Remove
[4] --> Reset

[1-4]: 1

Show Top x Results:
[1] --> 10
[2] --> 20
[3] --> 50
[4] --> Custom

[1-4]: 1

Show Packet Type:
[1] --> All
[2] --> TCP
[3] --> UDP
[4] --> ICMP

[1-4]: 1

[$] /jffs/scripts/firewall stats 10


=============================================================================================================


Logging Data Detected in /tmp/mnt/Skynet_fire/skynet/skynet.log - 4.0K
Monitoring From Feb 5 18:57:45 To Feb 5 18:58:55
5 Block Events Detected
5 Unique IPs
0 Manual Bans Issued


=============================================================================================================


Top 10 Targeted Ports (Inbound);


-------- | -------- | --------------
| Hits | | | Port | | | SpeedGuide |
-------- | -------- | --------------

1x | 61258 | https://www.speedguide.net/port.php?port=61258
1x | 53413 | https://www.speedguide.net/port.php?port=53413
1x | 4999 | https://www.speedguide.net/port.php?port=4999
1x | 4433 | https://www.speedguide.net/port.php?port=4433
1x | 20002 | https://www.speedguide.net/port.php?port=20002


=============================================================================================================


Top 10 Attacker Source Ports (Inbound);


-------- | -------- | --------------
| Hits | | | Port | | | SpeedGuide |
-------- | -------- | --------------

1x | 58068 | https://www.speedguide.net/port.php?port=58068
1x | 47714 | https://www.speedguide.net/port.php?port=47714
1x | 47366 | https://www.speedguide.net/port.php?port=47366
1x | 46909 | https://www.speedguide.net/port.php?port=46909
1x | 13111 | https://www.speedguide.net/port.php?port=13111


=============================================================================================================


Last 10 Unique Connections Blocked (Inbound);


-------------- | -------------- | --------------
| IP Address | | | AlienVault | | | Ban Reason |
-------------- | -------------- | --------------

185.161.248.120 (RU) | https://otx.alienvault.com/indicator/ip/185.161.248.120 | BanMalware: firehol_level3.netset
167.248.133.139 (US) | https://otx.alienvault.com/indicator/ip/167.248.133.139 | BanMalware: firehol_level3.netset*
94.102.61.41 (NL) | https://otx.alienvault.com/indicator/ip/94.102.61.41 | BanMalware: et_block.netset*
91.92.252.208 (NL) | https://otx.alienvault.com/indicator/ip/91.92.252.208 | *
165.22.209.194 (IN) | https://otx.alienvault.com/indicator/ip/165.22.209.194 | BanMalware: firehol_level3.netset


=============================================================================================================


Last 10 Unique Connections Blocked (Outbound);


-------------- | -------------- | --------------
| IP Address | | | AlienVault | | | Ban Reason |
-------------- | -------------- | --------------



=============================================================================================================


Last 10 Manual Bans;


-------------- | -------------- | --------------
| IP Address | | | AlienVault | | | Ban Reason |
-------------- | -------------- | --------------



=============================================================================================================


Last 10 Unique HTTP(s) Blocks (Outbound);


-------------- | -------------- | --------------
| IP Address | | | AlienVault | | | Ban Reason |
-------------- | -------------- | --------------



=============================================================================================================


Top 10 HTTP(s) Blocks (Outbound);


-------- | -------------- | -------------- | --------------
| Hits | | | IP Address | | | AlienVault | | | Ban Reason |
-------- | -------------- | -------------- | --------------



=============================================================================================================


Top 10 Blocks (Inbound);


-------- | -------------- | -------------- | --------------
| Hits | | | IP Address | | | AlienVault | | | Ban Reason |
-------- | -------------- | -------------- | --------------

1x | 94.102.61.41 (NL) | https://otx.alienvault.com/indicator/ip/94.102.61.41 | BanMalware: et_block.netset*
1x | 91.92.252.208 (NL) | https://otx.alienvault.com/indicator/ip/91.92.252.208 | *
1x | 185.161.248.120 (RU) | https://otx.alienvault.com/indicator/ip/185.161.248.120 | BanMalware: firehol_level3.netset
1x | 167.248.133.139 (US) | https://otx.alienvault.com/indicator/ip/167.248.133.139 | BanMalware: firehol_level3.netset
1x | 165.22.209.194 (IN) | https://otx.alienvault.com/indicator/ip/165.22.209.194 | BanMalware: firehol_level3.netset


=============================================================================================================


Top 10 Blocks (Outbound);


-------- | -------------- | -------------- | --------------
| Hits | | | IP Address | | | AlienVault | | | Ban Reason |
-------- | -------------- | -------------- | --------------



=============================================================================================================


Top 10 Blocked Devices (Outbound);


-------- | ------------ | ---------------
| Hits | | | Local IP | | | Device Name |
-------- | ------------ | ---------------



=============================================================================================================


[#] 33502 IPs (+0) -- 2512 Ranges Banned (+0) || 5 Inbound -- 0 Outbound Connections Blocked! [stats] [5s]

 

[Toby the Cat]

 

[dave14305]

but at least the logfile is filling with data, one happy customer

Glad that you’re now happy to have your router under direct attack by the interweb!

 

[Toby the Cat]

Glad that you’re now happy to have your router under direct attack by the interweb!

OK maybe I cheered to soon, is my attempt with the DMZ stupid ... ?

I was so happy to see entry's in the log :-(

 

[dave14305]

OK maybe I cheered to soon, is my attempt with the DMZ stupid ... ?

I was so happy to see entry's in the log :-(

Is there any reason you are unable/unwilling to put the ISP gateway in bridged mode? Is there a benefit keeping it in router mode? You had the ISP device acting as an extra shield from the internet. Sure, it created a double NAT situation for your network, but that’s not the end of the world unless you want to access the router or the LAN remotely (VPN, port forwards, etc.).

 

[Toby the Cat]

Is there any reason you are unable/unwilling to put the ISP gateway in bridged mode? Is there a benefit keeping it in router mode? You had the ISP device acting as an extra shield from the internet. Sure, it created a double NAT situation for your network, but that’s not the end of the world unless you want to access the router or the LAN remotely (VPN, port forwards, etc.).

I understand that putting the cable modem in bridge mode may be the only solution to get this working, I can't call them right now, I will remove the DMZ entry and let them put the cable modem in bridge mode tomorrow morning

Thank you all for your patience with me

 

[aru]

Skynet tool has enlightened me about the terrifying reality of relentless and indiscriminate online bot attacks, operating 24/7. It seems like such tools have become essential software installations for routers. I appreciate the author for dedicating valuable time to develop and provide such a practical tool.

 

[visortgw]

Skynet tool has enlightened me about the terrifying reality of relentless and indiscriminate online bot attacks, operating 24/7. It seems like such tools have become essential software installations for routers. I appreciate the author for dedicating valuable time to develop and provide such a practical tool.

View attachment 56235

That number of outbound blocks indicates that you need to do some housecleaning yourself!

 

[Viktor Jaep]

That number of outbound blocks indicates that you need to do some housecleaning yourself!

Hold my beer... These stats are totals over a span of just 7hrs.

In short, this "Outbound Blocks" number is artificially inflated because of my country blocks affecting Unbound... all throughout the day, apps/services and my notorious Chinese vacuum bot are trying to reach Chinese servers and trying every known Chinese DNS server to get there... but in general, I'd say a good 98+% of these are blocked DNS servers in blocked countries.

 

[aru]

This reminds me of the various IoT devices in my home, such as the robotic vacuum cleaner, smart switches, smart meter, Wi-Fi cameras, and Android devices. If any of these devices consistently and frequently connect to suspicious URLs, the Skynet tool has already proactively blocked them. I can easily identify which device is causing trouble through the generated reports. However, I may not be entirely certain whether the activities of these devices align with expected behavior, such as checking for updates, transmitting logs to enhance user experience, or obtaining app management authorization.

 

[John Fitzgerald]

Skynet 7.5.7 has been released.

 

[John Fitzgerald]

Skynet 7.5.8 has been released.

also: Display IOT blocking allowed ports and protocols in menu

 

[karateca]

Hi, excuse me, sorry am new in this, but i want know how can access to my ddns, cuz i see the skynet blocking the connection to ddns. And the second question is how unlock too the vpn. Maybe its some manual there but i dont found, if someone can help me, thx!.

 

[Makaveli]

Just updated Skynet!

 

[heinz]

Hold my beer... These stats are totals over a span of just 7hrs.

View attachment 56236

In short, this "Outbound Blocks" number is artificially inflated because of my country blocks affecting Unbound... all throughout the day, apps/services and my notorious Chinese vacuum bot are trying to reach Chinese servers and trying every known Chinese DNS server to get there... but in general, I'd say a good 98+% of these are blocked DNS servers in blocked countries.

Torrents? I'm thinking they cause a lot of outbound traffic?

 

[Viktor Jaep]

Torrents? I'm thinking they cause a lot of outbound traffic?

Nope, just bad IoT trying to call home.

 

[aru]

Hi, excuse me, sorry am new in this, but i want know how can access to my ddns, cuz i see the skynet blocking the connection to ddns. And the second question is how unlock too the vpn. Maybe its some manual there but i dont found, if someone can help me, thx!.

You can go to the developer's homepage from the plugin directory list that Viktor Jaep took the valuable time to organize, where you should be able to find the information you need.

Asuswrt-Merlin Addon Software Catalog

Asus-Merlin Addon Software Catalog This sticky post functions as a software catalog (with links to threads, scripts, and author names), grouped by functionality, to make it easier for Asus-Merlin users to find and install addons for their Asus routers without having to search through massive...

www.snbforums.com

 

[danlat1415]

Skynet has started blocking Reddit for me.
Anyone else having this?
I thought it was Diversion at first, went through playing around with that, disabling it didn't work, so turned it back on.
Disabled Skynet and Reddit works first.
I re-enable Skynet and Reddit gets blocked again.

Anyone know how to fix this so I can access it?
I've not had to play with Skynet before, just installed it and left it to it.

 

[dave14305]

Anyone know how to fix this so I can access it?

Read this post:

Skynet - Skynet - Router Firewall & Security Enhancements

For support requests and questions please use the Github Issue Tracker where this script is actively maintained Skynet - Router Firewall & Security Enhancements Elevate your home network security with Skynet, a robust firewall and security tool meticulously crafted for ASUS routers running...

www.snbforums.com