Skynet Skynet - Router Firewall & Security Enhancements

[Butterfly Bones]

I noticed today that there is an option to add AiProtection to Skynet. Is there any advantage in doing that?

https://www.snbforums.com/threads/r...urity-enhancements.16798/page-338#post-566646

 

[TheLyppardMan]

https://www.snbforums.com/threads/r...urity-enhancements.16798/page-338#post-566646

I understand the page number, but what does the 566646 refer to and does clicking on the link you kindly provided take me straight to the post I should be looking at? Still not sure if there is any advantage or disadvantage by adding AiProtection to Skynet, but I'll try searching this forum to see if I can find anything.

 

[martinr]

I noticed today that there is an option to add AiProtection to Skynet. Is there any advantage in doing that?

That’s the Import AIProtection Data setting, which used to be known as Ban AIProtection? It’s a crude sort of artificial intelligence, if you like: Skynet learns from anything that AIProtection picks up and adds it to its list. I guess, if you subscribe to the AIProtection emails, as I do, it should reduce them even further, because you ought only to get the first alert, and, thereafter, Skynet looks after that particular IP address. So that could be one advantage.

 

[Butterfly Bones]

I understand the page number, but what does the 566646 refer to and does clicking on the link you kindly provided take me straight to the post I should be looking at? Still not sure if there is any advantage or disadvantage by adding AiProtection to Skynet, but I'll try searching this forum to see if I can find anything.

Sorry, try this one and search for "AIProtection" posts from Adamm, there are many, and he has answered this question many, many times.

https://www.snbforums.com/threads/r...urity-enhancements.16798/page-191#post-457893

 

[CriticJay]

n00B question: I want to hide certain Skynet/firewall log entries from the syslog. In particular, the INBOUND blocks. These all appear to be those "botnets" and random portscanners from *.RU (etc) and I think they are a fact of life in this day and age. However, I still want to see any OUTBOUND blocks by Skynet because that would imply one of my local clients is trying to hit a malware IP. Any suggestions?

 

[Butterfly Bones]

n00B question: I want to hide certain Skynet/firewall log entries from the syslog. In particular, the INBOUND blocks. These all appear to be those "botnets" and random portscanners from *.RU (etc) and I think they are a fact of life in this day and age. However, I still want to see any OUTBOUND blocks by Skynet because that would imply one of my local clients is trying to hit a malware IP. Any suggestions?

In Skynet menu, 11, 4

Select Menu Option:
[1]  --> Unban
[2]  --> Ban
[3]  --> Malware Blacklist
[4]  --> Whitelist
[5]  --> Import IP List
[6]  --> Deport IP List
[7]  --> Save
[8]  --> Restart Skynet
[9]  --> Temporarily Disable Skynet
[10] --> Update Skynet
[11] --> Settings
[12] --> Debug Options
[13] --> Stats
[14] --> Install Skynet
[15] --> Uninstall
[r]  --> Reload Menu
[e]  --> Exit Menu
[1-15]: 11

Select Setting To Toggle:
[1]  --> Skynet Auto-Updates        | [Enabled]                   
[2]  --> Malware List Auto-Updates  | [daily]                     
[3]  --> Logging                    | [Enabled]                   
[4]  --> Filter Traffic             | [all]                       
[5]  --> Unban PrivateIP            | [Enabled]                   
[6]  --> Log Invalid Packets        | [Enabled]                   
[7]  --> Import AiProtect Data      | [Enabled]                   
[8]  --> Secure Mode                | [Enabled]                   
[9]  --> Fast Switch List           | [Disabled]                   
[10] --> Syslog Location            | [Custom]                     
[11] --> IOT Blocking               | [Disabled]                   
[12] --> Stats Country Lookup       | [Enabled]                   
[13] --> CDN Whitelisting           | [Enabled]                   
[14] --> Display WebUI              | [Enabled]        
           
[1-14]: 4
Select Filter Option:
[1]  --> All Traffic
[2]  --> Inbound
[3]  --> Outbound
[1-3]:

 

[CriticJay]

In Skynet menu, 11, 4

I thought about that one, but it looks like it'll completely stop the inbound filtering too... no?

I would like the inbound filtering to continue (i.e. the dropping of packets from these "Russian portscanners" etc.) but not fill up the syslog.

Whereas for the outbound filtering, I would like it to both stay enabled and keep logging to syslog.

 

[Butterfly Bones]

I thought about that one, but it looks like it'll completely stop the inbound filtering too... no?

I would like the inbound filtering to continue (i.e. the dropping of packets from these "Russian portscanners" etc.) but not fill up the syslog.

Whereas for the outbound filtering, I would like it to both stay enabled and keep logging to syslog.

Now I am not certain. I thought Skynet did all blocking and only logged what one choose in 11 > 4. I always choose both and then use scribe to handle all Skynet logging. Someone who knows for sutr, likely @Adamm

 

[dave14305]

I thought about that one, but it looks like it'll completely stop the inbound filtering too... no?

I would like the inbound filtering to continue (i.e. the dropping of packets from these "Russian portscanners" etc.) but not fill up the syslog.

Whereas for the outbound filtering, I would like it to both stay enabled and keep logging to syslog.

I had asked for a similar choice a while ago, but it didn’t get much traction.

 

[LetMePutDa]

Can someone help me with getting gamestop.com to work on my browser. Firefox, I can't seem to open open this site, I've tried whitelisting on skynet and diversion with no success. I am running a VPN but I can't seem to figure this out, TIA

 

[SuperDuke]

Can someone help me with getting gamestop.com to work on my browser. Firefox, I can't seem to open open this site, I've tried whitelisting on skynet and diversion with no success. I am running a VPN but I can't seem to figure this out, TIA

Did you process the whitelisting addition? That has snookered me before.

 

[octopus]

Can someone help me with getting gamestop.com to work on my browser. Firefox, I can't seem to open open this site, I've tried whitelisting on skynet and diversion with no success. I am running a VPN but I can't seem to figure this out, TIA

Does it work if you turn VPN off?

 

[LetMePutDa]

Does it work if you turn VPN off?

Yes but I can't figure out how to make it work with VPN on. Tried to CIDR (policy rules) but that didn't work.

 

[octopus]

Yes but I can't figure out how to make it work with VPN on. Tried to CIDR (policy rules) but that didn't work.

Do a nslokup and use that ip and bypass wan rule in VPN.

Name:      gamestop.com
Address 1: 52.207.186.5 ec2-52-207-186-5.compute-1.amazonaws.com
Address 2: 34.199.229.237 ec2-34-199-229-237.compute-1.amazonaws.com

 

[LetMePutDa]

How do I whitelist in vpn?

 

[dave14305]

How do I whitelist in vpn?

I think he’s suggesting to use Policy Based Routing in the VPN Client settings.

 

[TheStork]

I noticed that after installing Skynet, I don’t seem to be able to change Firewall logging settings in the GUI, it reverts back to logged packet type ‘dropped’ when I try to apply a change to ‘none’. Is this expected behaviour?

I like what Skynet does and the stats on its own firewall tab in the GUI, but currently the normal system log is flooded with firewall notifications.

(I’m using a AC88u, 384.16, Skynet v7.1.5)

 

[figorr]

Just one curious thing. I have seen in the Skynet log. "Skynet: Mounting Skynet Web Page As user4.asp"

I remember that when I installed Skynet, at the beginning the user was user1.asp.

Everytime I restart or shut down the router ... Skynet will create a new user?

Are the previous users still there?

Should I delete the previous users? How?

Or should I reinstall Skynet?

 

[Adamm]

I noticed that after installing Skynet, I don’t seem to be able to change Firewall logging settings in the GUI, it reverts back to logged packet type ‘dropped’ when I try to apply a change to ‘none’. Is this expected behaviour?

I like what Skynet does and the stats on its own firewall tab in the GUI, but currently the normal system log is flooded with firewall notifications.

(I’m using a AC88u, 384.16, Skynet v7.1.5)

Skynet hijacks this setting as it changes how IPTables rules are created. As for "your system log being flooded", logging is required for Skynet stats to operate. Skynet will self purge the log every time a command is run or at the top of every hour.

Just one curious thing. I have seen in the Skynet log. "Skynet: Mounting Skynet Web Page As user4.asp"

I remember that when I installed Skynet, at the beginning the user was user1.asp.

Everytime I restart or shut down the router ... Skynet will create a new user?

Are the previous users still there?

Should I delete the previous users? How?

Or should I reinstall Skynet?

You can safely ignore that output, it is for developers. All WebUI addons are allocated a page during their respective startup's ranging from user1-user10 to mount their content too. This output just means Skynet was the fourth script to request a page.

 

[figorr]

Thank you Adamm.