Skynet Skynet - Router Firewall & Security Enhancements

johnathonm · Aug 8, 2018

Adamm said:
I use apple devices daily and never have any issues or are any being reported. Please post logs of what you believe is causing your problems so we can work from there.

Not a problem. What debug command do you want me to run?

johnathonm · Aug 8, 2018

Adamm,

I have uploaded the contents of my current skynet folder. I messaged you with a link.

-J

skeal · Aug 8, 2018

Run the install script again and enable debug mode. Then collect a days worth of data (trying the apple devices several times during this period) and run a stats dump when finished. You should see the outbound connection results with attempts by your apple devices. Check the IP's against something like whois and forward the info to this thread. You can also search the IP against the malware lists and see who has the IP's blocked. You can do this all from Skynet terminal session.

johnathonm · Aug 8, 2018

https://www.dropbox.com/s/pqqmqpgnpshxai1/events.zip?dl=0

Here is all the info going back to time zero.

skeal · Aug 8, 2018

Most of this doesn't matter, it is the results of my above post that matters. The first post in this thread has a great guide on how to track down an IP problem when something is blocked that you normally need. You have a lot of IP ranges blocked by the way.

skeal · Aug 8, 2018

Are you running any country blocks?

agilani · Aug 8, 2018

Also, skynet already has an extensive whitelist.

johnathonm said:
https://www.dropbox.com/s/pqqmqpgnpshxai1/events.zip?dl=0

Here is all the info going back to time zero.

Have you even looked at these skynet.log file?

You have a lot of outbound blocks to 72.21.91.29 which is verizon business from looks to be multiple devices.

And to 167.89.118.52 which looks suspicious to me

just to name a few

you should look at this log file and search for outbound connection blocks. Lookup the CIDR range of the block and the owner. If you think the traffic is legitimate, add it to the whitelist.

Adamm · Aug 8, 2018

johnathonm said:
Adamm,

I have uploaded the contents of my current skynet folder. I messaged you with a link.

-J

Whatever list you imported Jul 30 11:44 sucks and is causing all your issues. I suggest removing it immediately using the following command;

Code:

sh /jffs/scripts/firewall unban comment "Imported"

Your country bans probably aren't helping either.

johnathonm · Aug 8, 2018

Thanks,

Pulling them now.

agilani · Aug 8, 2018

Skynet and AiProtection

So just to appease my own curiosity...

I see 80.211.185.70 in my aiprotect logs

Code:

External Attacks    80.211.185.70    192.168.1.102    WEB GoAhead login.cgi Information Disclosure Vulnerability
2018-07-27 00:45:52

I check and see that its an italian ip address which is not part of my country blocks
https://myip.ms/info/whois/80.211.185.70

I check and see that it was added to my skynet blacklist

Code:

ipset -L Skynet-Blacklist | grep AiProtect
80.211.185.70 comment "BanAiProtect"

I see other traffic now being blocked to that ip address that did not trigger aiprotect

Code:

Line 415468: <4>1 2018-07-27T04:41:17-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48164 DPT=81 SEQ=576578511 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 415759: <4>1 2018-07-27T07:16:49-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=50380 DPT=81 SEQ=410143747 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417409: <4>1 2018-07-27T23:44:30-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41787 DPT=81 SEQ=2319680743 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417467: <4>1 2018-07-28T00:04:04-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=45008 DPT=81 SEQ=1887447114 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417594: <4>1 2018-07-28T01:32:08-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34666 DPT=81 SEQ=2458031098 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417632: <4>1 2018-07-28T01:55:38-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59538 DPT=81 SEQ=3294947754 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417759: <4>1 2018-07-28T03:24:50-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=58376 DPT=81 SEQ=1282468763 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417855: <4>1 2018-07-28T04:31:41-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=43674 DPT=81 SEQ=3633484248 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418247: <4>1 2018-07-28T09:09:32-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48933 DPT=81 SEQ=2274426019 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418357: <4>1 2018-07-28T10:24:58-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41095 DPT=81 SEQ=1083644364 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418668: <4>1 2018-07-28T13:51:25-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=35720 DPT=81 SEQ=3868071557 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418813: <4>1 2018-07-28T15:16:14-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=37721 DPT=81 SEQ=2449528176 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418849: <4>1 2018-07-28T15:43:39-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55845 DPT=81 SEQ=3822381768 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Search "89.248.174.45" (324 hits in 1 file)

this is freaking awesome!

I'm a little surprised by the uniqueness of the ips though. I only see this for a small sampling of the ip addresses that aiprotect caught. I'll probably spend some time next seeing what the overlap is between aiprotect and the default skynet blacklists.

skeal · Aug 8, 2018

agilani said:

Skynet and AiProtection

So just to appease my own curiosity...

I see 80.211.185.70 in my aiprotect logs

Code:

External Attacks    80.211.185.70    192.168.1.102    WEB GoAhead login.cgi Information Disclosure Vulnerability
2018-07-27 00:45:52

I check and see that its an italian ip address which is not part of my country blocks
https://myip.ms/info/whois/80.211.185.70

I check and see that it was added to my skynet blacklist

Code:

ipset -L Skynet-Blacklist | grep AiProtect
80.211.185.70 comment "BanAiProtect"

I see other traffic now being blocked to that ip address that did not trigger aiprotect

Code:

Line 415468: <4>1 2018-07-27T04:41:17-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48164 DPT=81 SEQ=576578511 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 415759: <4>1 2018-07-27T07:16:49-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=50380 DPT=81 SEQ=410143747 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417409: <4>1 2018-07-27T23:44:30-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41787 DPT=81 SEQ=2319680743 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417467: <4>1 2018-07-28T00:04:04-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=45008 DPT=81 SEQ=1887447114 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417594: <4>1 2018-07-28T01:32:08-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34666 DPT=81 SEQ=2458031098 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417632: <4>1 2018-07-28T01:55:38-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59538 DPT=81 SEQ=3294947754 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417759: <4>1 2018-07-28T03:24:50-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=58376 DPT=81 SEQ=1282468763 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 417855: <4>1 2018-07-28T04:31:41-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=43674 DPT=81 SEQ=3633484248 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418247: <4>1 2018-07-28T09:09:32-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48933 DPT=81 SEQ=2274426019 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418357: <4>1 2018-07-28T10:24:58-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41095 DPT=81 SEQ=1083644364 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418668: <4>1 2018-07-28T13:51:25-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=35720 DPT=81 SEQ=3868071557 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418813: <4>1 2018-07-28T15:16:14-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=37721 DPT=81 SEQ=2449528176 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
    Line 418849: <4>1 2018-07-28T15:43:39-07:00 192.168.1.1 kernel - - - kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=2c:4d:54:21:17:f0:00:01:5c:6d:58:46:08:00 SRC=80.211.185.70 DST=23.242.44.106 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55845 DPT=81 SEQ=3822381768 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0
Search "89.248.174.45" (324 hits in 1 file)

this is freaking awesome!

I'm a little surprised by the uniqueness of the ips though. I only see this for a small sampling of the ip addresses that aiprotect caught.

I know right...

andrew2018 · Aug 8, 2018

Adamm said:
Have you got any IP's blocked?

It looked like it, it said more than 100,000. I ended up uninstalling and reinstalling and it's ok now, thanks.

Xentrk · Aug 9, 2018

@Adamm
I needed a quick way to see the number of entries in my ipset lists and put this together. Any suggestions to make it run faster?

Copy and paste this code inside the /jffs/configs/profile.add file.

liststats () {
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
true > /tmp/ipsetlist
for SETLIST in $(ipset -L | grep "Name:" | sed 's/Name: //')
do
ENTRIES=$(ipset -L "$SETLIST" | grep "entries:" | sed 's/Number of entries: //')
printf '%s %b%s%b\n' "$SETLIST" "$GREEN" "$ENTRIES" "$NC" >> /tmp/ipsetlist
done
cat /tmp/ipsetlist | sort -u
rm /tmp/ipsetlist
}

Then, open up a new SSH session and type the command liststats

Code:

Skynet-Blacklist 109200
Skynet-BlockedRanges 1701
Skynet-Master 2
Skynet-Whitelist 1080
x3mRouting_AMAZONAWS_US 282
x3mRouting_NETFLIX 106

Adamm · Aug 9, 2018

Xentrk said:
@Adamm
I needed a quick way to see the number of entries in my ipset lists and put this together. Any suggestions to make it run faster?

Copy and paste this code inside the /jffs/configs/profile.add file.

liststats () {
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m' # No Color
true > /tmp/ipsetlist
for SETLIST in $(ipset -L | grep "Name:" | sed 's/Name: //')
do
ENTRIES=$(ipset -L "$SETLIST" | grep "entries:" | sed 's/Number of entries: //')
printf '%s %b%s%b\n' "$SETLIST" "$GREEN" "$ENTRIES" "$NC" >> /tmp/ipsetlist
done
cat /tmp/ipsetlist | sort -u
rm /tmp/ipsetlist
}

Then, open up a new SSH session and type the command liststats

Code:

Skynet-Blacklist 109200 Skynet-BlockedRanges 1701 Skynet-Master 2 Skynet-Whitelist 1080 x3mRouting_AMAZONAWS_US 282 x3mRouting_NETFLIX 106

Code:

for SETLIST in $(ipset -L -n); do
    echo "$SETLIST - $(($(ipset -L "$SETLIST" | wc -l) - 8))"
done

Code:

admin@RT-AC86U-2EE8:/tmp/home/root# time -v /opt/tmp/test.sh
NETFLIX - 37
Skynet-Whitelist - 1119
Skynet-Blacklist - 111877
Skynet-BlockedRanges - 1725
Skynet-Master - 2
    Command being timed: "/opt/tmp/test.sh"
    User time (seconds): 0.92
    System time (seconds): 0.06
    Percent of CPU this job got: 103%
    Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 0.94s
    Average shared text size (kbytes): 0
    Average unshared data size (kbytes): 0
    Average stack size (kbytes): 0
    Average total size (kbytes): 0
    Maximum resident set size (kbytes): 5072
    Average resident set size (kbytes): 0
    Major (requiring I/O) page faults: 0
    Minor (reclaiming a frame) page faults: 2002
    Voluntary context switches: 966
    Involuntary context switches: 116
    Swaps: 0
    File system inputs: 0
    File system outputs: 0
    Socket messages sent: 0
    Socket messages received: 0
    Signals delivered: 0
    Page size (bytes): 4096
    Exit status: 0

agilani · Aug 9, 2018

How is skynet blocking domain based blacklists? Via iptables or dns/host files? Is there a reason we don't feed the adblock lists directly into skynet?

DonnyJohnny · Aug 9, 2018

agilani said:
How is skynet blocking domain based blacklists? Via iptables or dns/host files? Is there a reason we don't feed the adblock lists directly into skynet?

Domain blacklist is just for user convenience. It will still be resolved to IP address, during a loading/restart of Skynet and during adding of the domain.
You can choose to import the Adblock list into Skynet but it is not recommended as there is a limit in the number of ip to be blocked in Skynet. 500k. It will also slow down the matching of ip with a huge blacklist. And may affect the surfing experience.

Ad-solution is a better option for ad block as they compliment each other.

agilani · Aug 9, 2018

DonnyJohnny said:
Domain blacklist is just for user convenience. It will still be resolved to IP address, during a loading/restart of Skynet and during adding of the domain.
You can choose to import the Adblock list into Skynet but it is not recommended as there is a limit in the number of ip to be blocked in Skynet. 500k. It will also slow down the matching of ip with a huge blacklist. And may affect the surfing experience.

Ad-solution is a better option for ad block as they compliment each other.

Thanks

Xentrk · Aug 9, 2018

Adamm said:

Code:

for SETLIST in $(ipset -L -n); do
    echo "$SETLIST - $(($(ipset -L "$SETLIST" | wc -l) - 8))"
done

Code:

admin@RT-AC86U-2EE8:/tmp/home/root# time -v /opt/tmp/test.sh
NETFLIX - 37
Skynet-Whitelist - 1119
Skynet-Blacklist - 111877
Skynet-BlockedRanges - 1725
Skynet-Master - 2
    Command being timed: "/opt/tmp/test.sh"
    User time (seconds): 0.92
    System time (seconds): 0.06
    Percent of CPU this job got: 103%
    Elapsed (wall clock) time (h:mm:ss or m:ss): 0m 0.94s
    Average shared text size (kbytes): 0
    Average unshared data size (kbytes): 0
    Average stack size (kbytes): 0
    Average total size (kbytes): 0
    Maximum resident set size (kbytes): 5072
    Average resident set size (kbytes): 0
    Major (requiring I/O) page faults: 0
    Minor (reclaiming a frame) page faults: 2002
    Voluntary context switches: 966
    Involuntary context switches: 116
    Swaps: 0
    File system inputs: 0
    File system outputs: 0
    Socket messages sent: 0
    Socket messages received: 0
    Signals delivered: 0
    Page size (bytes): 4096
    Exit status: 0

Grateful! Thank you for the help.

OKLY · Aug 12, 2018

Looking to seek some advice here.

I noticed my Sony smart TV is trying to communicate with random IPs.

Example:
[BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.98 DST=50.200.136.108 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=19956 DF PROTO=UDP SPT=6881 DPT=57599 LEN=112

It will always try to communicate with the same IP about every 10 minutes until I reboot the TV, then it will try to communicate with another IP address. Is this considered a compromised smart TV?

DonnyJohnny · Aug 12, 2018

OKLY said:
Looking to seek some advice here.

I noticed my Sony smart TV is trying to communicate with random IPs.

Example:
[BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.98 DST=50.200.136.108 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=19956 DF PROTO=UDP SPT=6881 DPT=57599 LEN=112

It will always try to communicate with the same IP about every 10 minutes until I reboot the TV, then it will try to communicate with another IP address. Is this considered a compromised smart TV?

https://otx.alienvault.com/indicator/ip/50.200.136.108
https://www.hybrid-analysis.com/sam...f9b2d087cffe2341030533d64f5?environmentId=100

What’s the other ip? Seems to be malicious... like from some torrent apps. What apps you have installed in your tv. Have u tried removing them?

Thread starter	Title	Forum	Replies	Date
	Skynet Skynet causes router to crash and reboot	Asuswrt-Merlin AddOns	1	Jun 26, 2024
S	Skynet Skynet showing router itself making calls to China?	Asuswrt-Merlin AddOns	26	May 20, 2024
J	Skynet Skynet - Blocked outbounds coming from the router itself?	Asuswrt-Merlin AddOns	12	May 9, 2024
O	Skynet Installing Skynet causes router to crash and reboot	Asuswrt-Merlin AddOns	26	Feb 17, 2024
	Skynet Message on SKYNET I havent seen before	Asuswrt-Merlin AddOns	1	Oct 25, 2024
S	Skynet firewall reduces wireless range	Asuswrt-Merlin AddOns	14	Sep 30, 2024
P	Skynet Internet speed lower with Skynet on	Asuswrt-Merlin AddOns	9	Sep 19, 2024
N	Skynet SkyNet/Firewall blocking all ping requests, including outbound	Asuswrt-Merlin AddOns	6	Jul 29, 2024
W	Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14	Asuswrt-Merlin AddOns	10	Jul 21, 2024
D	Skynet Best way to configure SkyNet on RX-AT82U	Asuswrt-Merlin AddOns	7	Jul 5, 2024

Skynet Skynet - Router Firewall & Security Enhancements

Regular Contributor

Regular Contributor

Part of the Furniture

Regular Contributor

Part of the Furniture

Part of the Furniture

Very Senior Member

Part of the Furniture

Regular Contributor

Very Senior Member

Part of the Furniture

andrew2018

Guest

Part of the Furniture

Part of the Furniture

Very Senior Member

Very Senior Member

Very Senior Member

Part of the Furniture

Occasional Visitor

Very Senior Member

Similar threads

Similar threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest