Skynet SkyNet Blocking Subnet

[NotA+]

Can someone else take over?
Thanks.
Is there an alternative?
Does logging have to be on for Skynet to function properly?
Thanks

 

[djtech2k]

Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?

 

[joe scian]

Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?

Yes stop looking at the logs if its freaking you out - life is too short for this to be causing you stress.

 

[Jack Yaz]

Ok since this thread is here, I will re-use it.

I found today that an IP from Microsoft got banned by skynet. No idea why, but it did. I unbanned it and the app worked again. As I was watching the firewall syslog (suggested from skynet post), I saw a string of outbound port 53 UDP blocks. I looked up the IP on alienvault and it shows up as Korean Internet Security Agency. Of course that is freaking me out now.

The source was a Windows Domain Controller server that was apparently trying to connect on port 53 UDP to that IP. I cannot figure out why that was happening. According to skynet, it just started happening on 4-28-2021. It was happening while I was watching for about 20 attempts and then it stopped. The IP is: 210.101.60.1.

Here is an example of my skynet logs:

May 3 18:29:50 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=10:c3:7b:40:34:08:00:15:5d:63:c9:01:08:00 SRC=192.X.X.X DST=210.101.60.1 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=22041 PROTO=UDP SPT=49595 DPT=53 LEN=40

Any thoughts?

got any IoT devices on the network? you may want to look into enabling DNS filter on your router which can block/redirect these lookups to undesired DNS servers

 

[Tech9]

Any thoughts?

Skynet by itself is not blocking anything. It's the blocklist used by Skynet. Blocklists are community supported and errors are common. You can customize blocklists in Skynet. I use pfBlocker-NG with firehol_level1 only in IP blocking. The more blocklists you add the more chances for false positives.

 

[djtech2k]

Just for reference if I did not mention it already, my Asus is connected inside of my ISP's router device. So I am essentially in a double-NAT situation. When I look at the skynet logs, I am surprised at how many blocks there are. I only have 1 port forwarded from my outside ISP device, which is for the Asus VPN port.

 

[Tech9]

When I look at the skynet logs, I am surprised at how many blocks there are.

Without Skynet your firewall will drop 99.9% and your VPN server will reject the rest 0.01%. Skynet only freaks you out and you block more and more things hurting your own Internet connection. On-device VPN can fire through all your firewall enhancements and aiprotections and access easily whatever you have blocked there. This cat and mouse game may go forever and I see no point doing it on a home network used by people you know. What's the issue accessing websites in China or Russia? I'm a hardware guy and sources in China and Russia are great. Very often the only sources of useful information are located in China or Russia. Many scripts in AMTM require Entware. Guess who maintains Entware and where is he from.