Hello, 1st time poster here with a question/problem. I am using Skynet and would like to block all TOR/VPN usage on my home network. I have tried using option 5 to import URL- https://www.dan.me.uk/torlist , but it just says "command not recognized". I have been googling on how to do this and reading thru this forum and cannot figure out what I am doing wrong.
Thanks so much for the quick reply.
I forgot to update the menu entry when adding selective blacklist/whitelist support. For now just use the manual command;
Code:
sh /jffs/scripts/firewall import blacklist xxxxxxxx.com
They complement each other. No conflict. AiProtection blocks based on signatures from Trend Micro, while Skynet gets its IP list from FireHOL, which is compiled from many reputable sources.
And now, after 6.2.2, those IPs blocked by AiProtection can be added to the Skynet blacklist if the function is enabled under the Debug option.
The autoban function automatically adds to the ban list any IP that sends very frequent invalid packets within a certain period of time. Whatever the case, invalid packets are dropped by default even when the IP is not in the ban list. So no worry.
Hi Adamm, I have one more issue I cannot seem to solve. I've been wrestling with this for a few weeks now, it affects my online TV streaming - Hulu in particular, also Netflix and Amazon Prime and Smart Home devices. Trying to solve Google DNS being blocked. Because I have numerous IoT devices that need to talk to Google DNS on different ports, that is the issue. I'm confident that my network is safe with no ports open to the WAN (tested with known good port scanner sites), and of course with Skynet running. Here is my network for background.
- 1 Linux desktop
- Chromebook (ChromeOS 67)
- 1 Vizio smart TV (built in Chromecast)
- 1 Chromecast Ultra
- 5 Google Home speakers
- 3 smart lights
- 1 printer
- 1 Android tablet
- 2 Android phones
Code:
Jun 7 09:04:21 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=<redacted> SRC=8.8.8.8 DST=<My ISP WAN IP> LEN=118 TOS=0x00 PREC=0x00 TTL=58 ID=50895 PROTO=UDP SPT=53 DPT=44488 LEN=98 MARK=0x8000000
Pertinent info from Stats - Display - 50 - Packet type All
I understand that some outbound attempts that are blocked are appropriate from links to advertising or possible malware sites that firehol or OTX have identified. It is the outbound blocks of my ISP WAN IP and the Vizio TV that are particularly troublesome.
Code:
Last 50 Unique Connections Blocked (Invalid);
https://otx.alienvault.com/indicator/ip/8.8.8.8
Top 50 Blocks (Invalid);
722x https://otx.alienvault.com/indicator/ip/8.8.8.8
Top 50 Blocked Devices (Outbound);
8x 192.168.1.xxx (No Name Found) - Vizio Smart TV
4x xx.yy.xxx.yyy (No Name Found) - my ISP Wan IP
1x 192.168.1.yy Linux Desktop
8.8.8.8 comment "ManualWlist: Google DNS"
I double checked by trying to add to whitelist:
Code:
Input IP Or Range To Whitelist:
[IP/Range]: 8.8.8.8
Input Comment For Whitelist:
[Comment]: Google DNS
Whitelisting 8.8.8.8
ipset v6.32: Element cannot be added to the set: it's already added
Saving Changes
Output of debug info
Code:
Router Model; RT-AC86U
Skynet Version; v6.2.6 (06/06/2018)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
FW Version; 384.5_0 (May 12 2018) (4.1.27)
Install Dir; /tmp/mnt/SNB/skynet (11.1G / 14.0G Space Available)
SWAP File; /tmp/mnt/SNB/myswap.swp (2.0G)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/SNB/skynet
No Lock File Found
Checking Install Directory Write Permissions... [Passed]
Checking Firewall-Start Entry... [Passed]
Checking Services-Stop Entry... [Passed]
Checking CronJobs... [Passed]
Checking IPSet Comment Support... [Passed]
Checking Log Level 5 Settings... [Passed]
Checking For Duplicate Rules In RAW... [Passed]
Checking Inbound Filter Rules... [Passed]
Checking Inbound Debug Rules [Passed]
Checking Outbound Filter Rules... [Passed]
Checking Outbound Debug Rules [Passed]
Checking Whitelist IPSet... [Passed]
Checking BlockedRanges IPSet... [Passed]
Checking Blacklist IPSet... [Passed]
Checking Skynet IPSet... [Passed]
Checking For AB-Solution Plus Content... [Passed]
Checking Autoupdate Setting... [Enabled]
Checking Auto-Banmalware Update Setting... [Enabled]
Checking Unban PrivateIP Setting... [Enabled]
Checking Log Invalid Setting... [Enabled]
Checking Ban AiProtect Setting... [Enabled]
Checking Secure Mode Setting... [Enabled]
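An added example, not part of the thread and not Skynet's own code: a POSIX shell/awk filter that groups `[BLOCKED - INVALID]` kernel log lines by source IP, protocol and source port, so resolver replies (UDP, SPT=53) like the one quoted above can be told apart from other invalid packets. The function names and the sample log lines are constructed for illustration; only the log format and 8.8.8.8 come from the post.

```shell
#!/bin/sh
# Constructed sample input modelled on the log line quoted in the post.
# MAC values and the 203.0.113.x / 198.51.100.x addresses are placeholders.
sample_log() {
cat <<'EOF'
Jun 7 09:04:21 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=8.8.8.8 DST=203.0.113.10 LEN=118 TOS=0x00 PREC=0x00 TTL=58 ID=50895 PROTO=UDP SPT=53 DPT=44488 LEN=98 MARK=0x8000000
Jun 7 09:04:22 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=8.8.8.8 DST=203.0.113.10 LEN=90 TOS=0x00 PREC=0x00 TTL=58 ID=50896 PROTO=UDP SPT=53 DPT=51234 LEN=70 MARK=0x8000000
Jun 7 09:05:10 kernel: [BLOCKED - INVALID] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 RST URGP=0
Jun 7 09:06:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=40 PROTO=TCP SPT=40001 DPT=22
EOF
}

# Reads syslog lines on stdin; prints "<count>x <src> <proto> <spt>" for every
# (SRC, PROTO, SPT) combination among INVALID blocks, most frequent first.
invalid_summary() {
    awk '
    /\[BLOCKED - INVALID\]/ {
        src = "-"; proto = "-"; spt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^SPT=/)   spt   = substr($i, 5)
        }
        n[src " " proto " " spt]++
    }
    END { for (k in n) print n[k] "x " k }
    ' | sort -rn
}

# Reads syslog lines on stdin; prints how many INVALID blocks were UDP packets
# arriving from source port 53, i.e. replies from a DNS resolver.
dns_reply_invalid_count() {
    invalid_summary |
        awk '$3 == "UDP" && $4 == "53" { sub(/x$/, "", $1); t += $1 } END { print t + 0 }'
}

sample_log | invalid_summary
```

On a router, pipe the system log into `invalid_summary` in place of `sample_log`.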
Sorry if I'm late to the party. So there is an option under debug to add AiProtection blocked IPs to the Skynet blacklist, similar to fail2ban on Linux? Where can I find more information about this?
thanks!
So that's interesting. I would have assumed that TrendMicro uses routers with AiProtect as sensors on the web that keep them informed as to what adversary activity is going on. Which I am ok participating as a sensor. But at the same time, I would also expect that as a "data contributor" they should be updating AiP with the latest threat information. :dunno:
Generally speaking AiProtect is pretty limited in what it blocks, I've only seen it block a handful of (old) CVE's.
OK, yep. That checks, I just don't know who is responsible for maintaining those lists Skynet uses (and it's not important that I know, necessarily) but I am curious to know whether they ingest things like the HIDDEN COBRA in a timely manner.
Skynet uses reputation data to actively block new botnets/scanners. If you are referring to the "hidden cobra" lists, Skynet directly sources the previous list released last year, the new list I'm sure overlaps with Skynet's other reputation databases.
Yes there is, it’s a feature we added last week.
Code:
sh /jffs/scripts/firewall debug banaiprotect enable
I've pushed v6.2.7
Skynet will now look for (and delete!) files associated with the VPNFilter malware if secure mode is enabled.
Some other small changes include the import command being fixed in the main menu, and not hard exiting on select commands when a firewall service restart is required.
I notice, under the debug options, there are now toggles for secure mode and ban aiprotection. Does Skynet show anywhere the current status of those 2 options, whether they’re on or off?
And is there an easy way to check if Skynet found any VPNFilter-related files?
Hey there,
What do these mean in the context of the VPNFILTER related files and how might I fix them?
Checking Services-Stop Entry... [Failed]
Checking Log Invalid Setting... [Disabled]
Thanks,
J
I don't know if this should be happening, but I am finding that upon reboot my swapfile is not enabled. I have to go and enable it manually. Is automatically swapon'ing the swap something you might consider adding, or is it an issue on my end? I did create the swap file via Skynet on my external USB 3 ext2 formatted media. I am using the AC68U Extreme with Merlin's latest firmware. Your software is also fully up to date.
Awesome @Adamm !!