What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

If Autoupdate is enabled from the Settings
Code:
[11] --> Settings
[1]  --> Autoupdate            | [Enabled]
how often or when does Skynet check if updates are available?
 
If Autoupdate is enabled from the Settings
Code:
[11] --> Settings
[1]  --> Autoupdate            | [Enabled]
how often or when does Skynet check if updates are available?
Weekly early Monday morning...
 
And if router happens to be shut down or offline, the next autoupdate check will happen next week if router (and Skynet) is up and running and online? Or?
However cron handles missed events...
 
However cron handles missed events...
I am asking just because for example with Diversion you can easily choose the most suitable blocking file update day and hour from the settings. I wonder if it could be possible to sync Skynet and Diversion update checks?
 
If Autoupdate is enabled from the Settings
Code:
[11] --> Settings
[1]  --> Autoupdate            | [Enabled]
how often or when does Skynet check if updates are available?

Skynet checks for updates at 1.25am every Monday when autoupdates are enabled. Do also note that auto-updates are different from auto-banmalware updates (but with the same logic behind it).
 
Hi @Adamm and everyone,

For some reason I cannot connect to www.fitbit.com on any of my devices. I have tried to whitelist it by domain. I also tried to whitelist it by monitoring all outbound IP but it still does not work (using @Adamm’s post 2 of this thread).

I did a search online regarding all Fitbit IP’s and came across this: https://community.fitbit.com/t5/Web-API-Development/What-are-Fitbit-s-IP-addresses/td-p/324402. Is the constantly changing IP’s that make whitelisting difficult?

Does anyone have any ideas on how to make this work on Skynet?

I tried to whitelist through Diversion as well and made sure to update blocking files after I did what I did in Skynet but no luck.

Thank you very much!!


Sent from my iPhone using Tapatalk
 
Hi @Adamm and everyone,

For some reason I cannot connect to www.fitbit.com on any of my devices. I have tried to whitelist it by domain. I also tried to whitelist it by monitoring all outbound IP but it still does not work (using @Adamm’s post 2 of this thread).

I did a search online regarding all Fitbit IP’s and came across this: https://community.fitbit.com/t5/Web-API-Development/What-are-Fitbit-s-IP-addresses/td-p/324402. Is the constantly changing IP’s that make whitelisting difficult?

Does anyone have any ideas on how to make this work on Skynet?

I tried to whitelist through Diversion as well and made sure to update blocking files after I did what I did in Skynet but no luck.

Thank you very much!!


Sent from my iPhone using Tapatalk


I can access this site fine. It also at the time of my post isn't blocked by lists from Skynet, not to mention they use CloudFlare which is globally whitelisted within Skynet.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup fitbit.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      fitbit.com
Address 1: 54.230.118.135 server-54-230-118-135.sfo9.r.cloudfront.net
Address 2: 54.230.118.98 server-54-230-118-98.sfo9.r.cloudfront.net
Address 3: 54.230.118.87 server-54-230-118-87.sfo9.r.cloudfront.net
Address 4: 54.230.118.220 server-54-230-118-220.sfo9.r.cloudfront.net
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 54.230.118.135
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                #
#                                |___/                                                  #
#                                                                                    #
## - 01/12/2018 -           Asus Firewall Addition By Adamm v6.6.4                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 6.8M
Monitoring From Dec 2 01:36:20 To Dec 7 15:49:11
30105 Block Events Detected
2749 Unique IPs
1 Manual Bans Issued

54.230.118.135 is in set Skynet-Whitelist.
54.230.118.135 is NOT in set Skynet-Blacklist.
54.230.118.135 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;


Associated Domain(s);
fitbit.com


IP Location - United States (AS16509)

54.230.118.135 First Tracked On
54.230.118.135 Last Tracked On
0 Blocks Total

Event Log Entries From 54.230.118.135;

First Block Tracked From 54.230.118.135;

10 Most Recent Blocks From 54.230.118.135;

Top 10 Targeted Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------


Top 10 Sourced Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------



=============================================================================================================



Now with this being said. As long as Skynet has debug mode enabled, it will always print every time something gets blocked. There is never an exception to this rule. I suggest you follow this guide and see if it actually is Skynet causing your issues, as at the moment it seems otherwise.
 
I can access this site fine. It also at the time of my post isn't blocked by lists from Skynet, not to mention they use CloudFlare which is globally whitelisted within Skynet.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup fitbit.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      fitbit.com
Address 1: 54.230.118.135 server-54-230-118-135.sfo9.r.cloudfront.net
Address 2: 54.230.118.98 server-54-230-118-98.sfo9.r.cloudfront.net
Address 3: 54.230.118.87 server-54-230-118-87.sfo9.r.cloudfront.net
Address 4: 54.230.118.220 server-54-230-118-220.sfo9.r.cloudfront.net
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 54.230.118.135
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                #
#                                |___/                                                  #
#                                                                                    #
## - 01/12/2018 -           Asus Firewall Addition By Adamm v6.6.4                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 6.8M
Monitoring From Dec 2 01:36:20 To Dec 7 15:49:11
30105 Block Events Detected
2749 Unique IPs
1 Manual Bans Issued

54.230.118.135 is in set Skynet-Whitelist.
54.230.118.135 is NOT in set Skynet-Blacklist.
54.230.118.135 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;


Associated Domain(s);
fitbit.com


IP Location - United States (AS16509)

54.230.118.135 First Tracked On
54.230.118.135 Last Tracked On
0 Blocks Total

Event Log Entries From 54.230.118.135;

First Block Tracked From 54.230.118.135;

10 Most Recent Blocks From 54.230.118.135;

Top 10 Targeted Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------


Top 10 Sourced Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------



=============================================================================================================



Now with this being said. As long as Skynet has debug mode enabled, it will always print every time something gets blocked. There is never an exception to this rule. I suggest you follow this guide and see if it actually is Skynet causing your issues, as at the moment it seems otherwise.

Hi @Adamm,

Thank you for this, I appreciate it! I actually followed your guide and enable debug watch but for some reason I could not get any OUTbound flow and see this particular IP.

I may have to uninstall Skynet and reinstall it again to see if that solves the issue.


Sent from my iPhone using Tapatalk
 
Hi @Adamm,
Thank you for this, I appreciate it! I actually followed your guide and enable debug watch but for some reason I could not get any OUTbound flow and see this particular IP.

That means its not Skynet causing your issues :p
 
I tried to whitelist through Diversion as well and made sure to update blocking files after I did what I did in Skynet but no luck.
When whitelisting in Diversion the domain is added to the shared whitelist. Skynet does the same. Everytime the whitelist is processed the shared whitelist(s) are processed as well. Diversion restarts Skynet automatically in such a case to have it do its whitelisting.

Seeing that fitbit.com is resolved to a real world IP by presumably Dnsmasq I'd say that Diversion isn't blocking it either.
Maybe your ISP or your set DNS provider blocks the domain.
 
@Adamm and @thelonelycoder,

Thank you for your thoughts! I will take a look at my other router settings to see if I can find out more what is causing this!

Marin


Sent from my iPhone using Tapatalk
 
@Adamm and @thelonelycoder,

Thank you for your thoughts! I will take a look at my other router settings to see if I can find out more what is causing this!

Marin
What response do you get when accessing www.fitbit.com? Is this in a browser or through a Fitbit app or both? Screenshot of the error?

From your router, what are the outputs of
Code:
nslookup www.fitbit.com
ping www.fitbit.com
traceroute www.fitbit.com
curl -v https://www.fitbit.com/
 
What response do you get when accessing www.fitbit.com? Is this in a browser or through a Fitbit app or both? Screenshot of the error?

From your router, what are the outputs of
Code:
nslookup www.fitbit.com
ping www.fitbit.com
traceroute www.fitbit.com
curl -v https://www.fitbit.com/

@dave14305,

Here you go:

Code:
@RT-AC86U-99A8:/tmp/home/root# curl -v https://www.fitbit.com/
* getaddrinfo(3) failed for www.fitbit.com:443
* Couldn't resolve host 'www.fitbit.com'
* Closing connection 0
curl: (6) Couldn't resolve host 'www.fitbit.com'
thekokas062897@RT-AC86U-99A8:/tmp/home/root#

Code:
@RT-AC86U-99A8:/tmp/home/root# traceroute www.fitbit.com
traceroute: bad address 'www.fitbit.com'

Code:
@RT-AC86U-99A8:/tmp/home/root# ping www.fitbit.com
ping: bad address 'www.fitbit.com'

Code:
@RT-AC86U-99A8:/tmp/home/root# nslookup www.fitbit.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

nslookup: can't resolve 'www.fitbit.com'

Also see Safari/Chrome screenshots.

Thank you!
 

Attachments

  • Screen Shot 2018-12-07 at 6.29.00 PM.png
    Screen Shot 2018-12-07 at 6.29.00 PM.png
    40.5 KB · Views: 377
  • Screen Shot 2018-12-07 at 6.43.02 PM.png
    Screen Shot 2018-12-07 at 6.43.02 PM.png
    77.1 KB · Views: 400
Also from @Adamm's guide:
I can access this site fine. It also at the time of my post isn't blocked by lists from Skynet, not to mention they use CloudFlare which is globally whitelisted within Skynet.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup fitbit.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      fitbit.com
Address 1: 54.230.118.135 server-54-230-118-135.sfo9.r.cloudfront.net
Address 2: 54.230.118.98 server-54-230-118-98.sfo9.r.cloudfront.net
Address 3: 54.230.118.87 server-54-230-118-87.sfo9.r.cloudfront.net
Address 4: 54.230.118.220 server-54-230-118-220.sfo9.r.cloudfront.net
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 54.230.118.135
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                #
#                                |___/                                                  #
#                                                                                    #
## - 01/12/2018 -           Asus Firewall Addition By Adamm v6.6.4                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 6.8M
Monitoring From Dec 2 01:36:20 To Dec 7 15:49:11
30105 Block Events Detected
2749 Unique IPs
1 Manual Bans Issued

54.230.118.135 is in set Skynet-Whitelist.
54.230.118.135 is NOT in set Skynet-Blacklist.
54.230.118.135 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;


Associated Domain(s);
fitbit.com


IP Location - United States (AS16509)

54.230.118.135 First Tracked On
54.230.118.135 Last Tracked On
0 Blocks Total

Event Log Entries From 54.230.118.135;

First Block Tracked From 54.230.118.135;

10 Most Recent Blocks From 54.230.118.135;

Top 10 Targeted Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------


Top 10 Sourced Ports From 54.230.118.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------



=============================================================================================================



Now with this being said. As long as Skynet has debug mode enabled, it will always print every time something gets blocked. There is never an exception to this rule. I suggest you follow this guide and see if it actually is Skynet causing your issues, as at the moment it seems otherwise.


Code:
@RT-AC86U-99A8:/tmp/home/root# nslookup fitbit.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      fitbit.com
Address 1: 52.222.225.133 server-52-222-225-133.lhr52.r.cloudfront.net
Address 2: 52.222.225.106 server-52-222-225-106.lhr52.r.cloudfront.net
Address 3: 52.222.225.108 server-52-222-225-108.lhr52.r.cloudfront.net
Address 4: 52.222.225.185 server-52-222-225-185.lhr52.r.cloudfront.net

I get the same output but not with the whitelist comment next to them....yet I know I have whitelisted this site
 
@dave14305,

Here you go:

Thank you!
How is DNS configured on your router?
WAN page settings?
LAN DHCP settings?
LAN DNSFILTER settings?
Contents of hosts file in etc directory?
Are you still using Stubby?
 
Last edited:
Well apparently it is my VPN DSN settings in WAN. I use NordVPN (strict configuration and policy rules) and their DNS servers. When I change servers to those of Cloudlflare's, I am able to connect to it. This is rather strange as I have not changed my VPN DNS settings in months and until a month ago I used to connect to fitbit.com on my phone, laptop just fine. Somehow now I can't connect to it any longer.
 
Just noticed the Setting "Ban AIProtect" under option 11. Just wanted to confirm if this stops the router from contacting the TrendMicro servers if AIP is enabled in the router, or what exactly this setting does. Thanks!
 
I've pushed v6.6.5

Code:
Aesthetic improvements
Error codes for rule integrity violations
Movistar fix
Add third failover for Check_Connection()
Additional swap debug output
Only show IPv4 address in device list
Add uptime / ram usage to "debug info"

Note; Ram usage numbers will be different to the WebUI. We are reporting figures available to the system. Cached memory is considered available. Hardware reserve is deducted from the total ram (10-12%)
 
Last edited:
Just noticed the Setting "Ban AIProtect" under option 11. Just wanted to confirm if this stops the router from contacting the TrendMicro servers if AIP is enabled in the router, or what exactly this setting does. Thanks!

This setting actually enhances AiProtect by adding any IP's flagged for malicious activity to Skynet's blacklist.

Code:
( sh /jffs/scripts/firewall settings banaiprotect enable|disable ) Enable/Disable Banning IP's Flagged By AiProtect
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top