Skynet Skynet issue

Run this command to see why the destination is blocked:
Code:
firewall stats search malware 213.186.33.19
Logging Data Detected in /tmp/mnt/ASUS-SSD/skynet/skynet.log - 7.1M
Monitoring From Jun 29 19:31:09 To Jul 4 15:42:37
30532 Block Events Detected
5386 Unique IPs
0 Manual Bans Issued

=============================================================================================================

Exact Matches;

-------------- | ---------
| IP Address | | | List |
-------------- | ---------

213.186.33.19 | https://iplists.firehol.org/files/dyndns_ponmocup.ipset

Possible CIDR Matches;

-------------- | ---------
| IP Address | | | List |
-------------- | ---------

-*-

=============================================================================================================

[#] 34954 IPs (+0) -- 2387 Ranges Banned (+0) || 3 Inbound -- 0 Outbound Connections Blocked! [stats] [1s]

You can also go to the URL mentioned to see more info:
The problem is that I don't know how to interpret the information that is given. All this is new to me. Sorry!
 
Check Adguard Home logs to see which DNS hostname was requested and returned the IP 213.186.33.19.
I am on "dashboard" "General statistics" but I don't see this IP for the moment (or I'm looking in the wrong place).

NB: Thank you again for your help. I have to leave, and will resume tomorrow. Regards
 
Run this command to see why the destination is blocked:
Code:
firewall stats search malware 213.186.33.19
You can also go to the URL mentioned to see more info:
@dave14305

Here is a list of IP addresses that one of my network clients' Unbound server has tried to reach over DPT=53, but was blocked by Skynet.

Do these look like good legitimate blocks? Or could unbound service be getting dropped?


Here is an example of what the log looks like:

Code:
kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX:XX SRC=192.168.1.14 DST=203.202.250.3 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=14637 PROTO=UDP SPT=64668 DPT=53 LEN=63
 
Hello,
- I see again, in the Skynet section "Top 10 Blocked Devices (Outbound)", the IP of my own LAN computer!? Why, please!?

- And another question: a list for Skynet was left by a member (sorry, I can't find the author). Here is the address of his list: "Skynet List Member personal". Do I have to create a text file, copy everything into it, and then put the file in the Skynet "list" folder!? Is that how we should do it?
* And if lists with the same name are already in the folder, must I delete them so they are not duplicated, or does it not matter?

thanks
 
Follow the same steps you did with @dave14305 here in these previous posts:


It appears he has already answered all these questions for you. If you are still having issues it may be more helpful if you start a new thread because this seems to be more about skynet tutorial questions versus an actual problem discovered with skynet.
 
- And another question: a list for Skynet was left by a member (sorry, I can't find the author). Here is the address of his list: "Skynet List Member personal". Do I have to create a text file, copy everything into it, and then put the file in the Skynet "list" folder!? Is that how we should do it?
* And if lists with the same name are already in the folder, must I delete them so they are not duplicated, or does it not matter?

Hi @fanasus .... I'm the keeper of that list you were mentioning... You don't have to go through all those steps to use that list. Simply paste the URL into the Skynet menu option:

3 - Malware Blacklist -> 2 -- Change Filter List -> Paste the URL (https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list) into this field, and hit enter.

After it saves, I believe it runs an update against that new list, but if not, just hit 3, and then 1, to update it.
 
Hello @Viktor Jaep, thanks (I managed to do it)! Just a clarification for newbies like me: do not look for the menu in the Asuswrt Merlin interface; you have to go through SSH to do it.
 
Run this command to see why the destination is blocked:
Code:
firewall stats search malware "IP"
Hello @dave14305, OK, I did, but the question is: why is it the LAN IP of my internal network that appears!? And now I also see my partner's PC (it's new). What does this blocking mean concretely? Thank you.
 
By my understanding devices on your LAN (your partner's new PC for example) are trying to access sites that are blocked by the Skynet blocklist. If this is inconvenient then set Skynet to just block incoming connections - and lose a lot of its protection.
This has been answered for you several times already so I hope you get it now.

@dave14305 beat me to the punch.
 
It means those devices are trying to connect to a banned IP. “Why” is a question that can only be answered by you reviewing the logs.
In the log, there is this:
-------- | -------------- | -------------- | -------------
| Hits | | | IP Address | | | AlienVault | | | Ban Reason
-------- | -------------- | -------------- | -------------

49x | 213.186.33.19 (FR) | https://otx.alienvault.com/indicator/ip/213.186.33.19 | BanMalware: d

But what can I do!? It is not my fault! I use the Quad9 DNS in Asuswrt Merlin, and the DNS for the computer is set to the router.
 
By my understanding devices on your LAN (your partner's new PC for example) are trying to access sites that are blocked by the Skynet blocklist. If this is inconvenient then set Skynet to just block incoming connections - and lose a lot of its protection.
This has been answered for you several times already so I hope you get it now.

@dave14305 beat me to the punch.
Hello @Ripshod, well no, I prefer to keep the protection of Skynet in its entirety!
Note: actually it did not bother me when browsing the Internet; it's just that I did not understand why my "PC" was marked as "blocked".
 
Hello,
Is it normal that Skynet disconnects if the router restarts!? I have to go through SSH to restart it.
Thank you!
 
No, that doesn't sound right at all. I would probably just uninstall it and reinstall it just to make sure that it's writing all the necessary components to auto start each time.
 
No, but skynet does wait for your USB to mount each time the router restarts, before skynet will start-up. If your flash storage sometimes fails to mount in a timely fashion on reboots, this could explain your skynet not properly being started upon router reboot. Obviously a flash storage failing to mount could indicate an even greater flaw present in your setup. This is just pure conjecture because you would first have to determine if this was the actual problem. This is just one of the possibilities.
 
Hello @Viktor Jaep, (thanks again for your list)
👍

1- Using your list, I cannot access this site: "https://www.stable-diffusion-france.fr/"
Looks like that site is hosting other sites that are serving a lot of malicious content. It's probably blocked because of that: https://otx.alienvault.com/indicator/ip/213.186.33.19

You can always just add that IP to your skynet whitelist, to get around that... totally up to you!

2- Why, in the "Top 10 Blocks (Outbound)" section, are 3 of my LAN IPs listed, please?
Most likely because they were the culprits in trying to get to blocked sites... could be mobile devices that are relentlessly trying to contact some server in RU because of some app loaded on there... there's no telling. You'd need to look at the logs to see which sites these devices are going to, and do some sleuthing to figure out why.
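
The log review recommended in the replies above, as an added example (not part of the thread and not Skynet's own code): a shell function that tallies `[BLOCKED - OUTBOUND]` lines by LAN client, destination and port. The field layout follows the sample line quoted in the thread; the syslog prefix, the 192.168.1.20 client and the sample lines themselves are constructed.

```shell
#!/bin/sh
# Added example, not Skynet's own code: count outbound blocks per
# LAN client, destination and port from Skynet-style kernel log lines.

# summarize_outbound [logfile...]  (reads stdin when no file is given)
# Output: "<hits> <src> <dst> <proto>/<dport>", most hits first.
summarize_outbound() {
    cat "$@" | awk '
    /\[BLOCKED - OUTBOUND\]/ {
        src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")          # tokens look like KEY=VALUE
            if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            if (k == "SRC") src = v
            else if (k == "DST") dst = v
            else if (k == "PROTO") proto = v
            else if (k == "DPT") dpt = v
        }
        if (src == "" || dst == "") next  # truncated line, skip it
        if (dpt == "") dpt = "-"          # e.g. ICMP has no port
        hits[src " " dst " " proto "/" dpt]++
    }
    END { for (key in hits) print hits[key], key }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample lines (syslog prefix and 192.168.1.20 are assumptions).
sample_log() {
    cat <<'EOF'
Jul  4 15:40:01 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX SRC=192.168.1.14 DST=203.202.250.3 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=14637 PROTO=UDP SPT=64668 DPT=53 LEN=63
Jul  4 15:40:05 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX SRC=192.168.1.20 DST=213.186.33.19 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2201 PROTO=TCP SPT=51544 DPT=443
Jul  4 15:40:06 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX SRC=192.168.1.20 DST=213.186.33.19 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2202 PROTO=TCP SPT=51546 DPT=443
Jul  4 15:40:08 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX SRC=192.168.1.14 DST=213.186.33.19 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=733 PROTO=TCP SPT=40212 DPT=443
Jul  4 15:40:10 router kernel: br0: port 1(eth1) entered forwarding state
Jul  4 15:40:11 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=XX:XX:XX:XX:XX:XX SRC=192.168.1.14
EOF
}

sample_log | summarize_outbound
```

On the router, pass the skynet.log path printed at the top of the stats output instead of the sample, then look up each frequent destination with the `firewall stats search malware` command shown earlier in the thread.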
 
