Skynet Skynet - Router Firewall & Security Enhancements

[Skeptical.me]

I have reinstalled skynet and it works. so.... If I wanted to reboot the router, what should I do?

Can I reboot the router for cleaning ram?

After I installed skynet it was this.

Ever since I've had Skynet and Diversion (Plus using OpenVPN Server and Clients) my RAM is like that. But I created a 2GB Swap File which ought to help, so I believe.

 

[paulad]

Ever since I've had Skynet and Diversion (Plus using OpenVPN Server and Clients) my RAM is like that. But I created a 2GB Swap File which ought to help, so I believe.

Termper stop SKYNET

restart the router

it works like this !

Total 883.27 MB
Free 466.18 MB
Buffers 0.32 MB
Cache 37.36 MB
Swap 0.00 / 2048.00 MB


Free 466.18 MB

 

[Makaveli]

So, I have a question.

What are the best countries to block IP Address? Is cz a good place to start, I've noticed a lot of unauthorised access attempts come IP addresses from there. What countries have you blocked, and why?

My list is this

Banned Countries; cn br ir ua ar iq tw th lv ru ro cl sa pk bg

List of codes here

https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

You have to choose what is best you, monitor your logs and start looking up the ips that's are hitting skynet.

if you go back to page 86-88 in this thread there is some discussion on this.

 

[Skeptical.me]

My list is this

Banned Countries; cn br ir ua ar iq tw th lv ru ro cl sa pk bg

List of codes here

https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

You have to choose what is best you, monitor your logs and start looking up the ips that's are hitting skynet.

if you go back to page 86-88 in this thread there is some discussion on this.

Will do, thank you very much.


Sent from my iPhone using Tapatalk Pro

 

[JaimeZX]

There is no generic best answer. You need to base it upon your needs and level of risk that you are willing to take.

Personally I'm at cn ir kp ru ua.

 

[Adamm]

I have reinstalled skynet and it works. so.... If I wanted to reboot the router, what should I do?

Can I reboot the router for cleaning ram?

After I installed skynet it was this.

Total 883.27 MB
Free 38.14 MB
Buffers 0.00 MB
Cache 447.57 MB
Swap 0.03 / 2048.00 MB

Is this legit? or somthing wrong?

seems working now.

after I reinstall SKYNET.

and I did temper stop skynet and reboot the router.

then everything works.!

Termper stop SKYNET

restart the router

it works like this !

Total 883.27 MB
Free 466.18 MB
Buffers 0.32 MB
Cache 37.36 MB
Swap 0.00 / 2048.00 MB


Free 466.18 MB

Cached ram usage is not the same as used ram. Your real memory usage is only around 300-400MB even though the WebUI shows differently. You can google the differences of how linux and windows handle ram.

 

[paulad]

Cached ram usage is not the same as used ram. Your real memory usage is only around 300-400MB even though the WebUI shows differently. You can google the differences of how linux and windows handle ram.

THX for the reply

but after I reboot it shows all good so.......

 

[paulad]

Cached ram usage is not the same as used ram. Your real memory usage is only around 300-400MB even though the WebUI shows differently. You can google the differences of how linux and windows handle ram.

so I see every mins skynet block things

But what I do not understand :

Dec 11 00:28:54 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:69:00:f4:6d:04:0a:29:7f:08:00 SRC=192.168.1.81 DST=50.201.217.214 LEN=143 TOS=0x00 PREC=0x00 TTL=128 ID=22700 PROTO=UDP SPT=7784 DPT=4769 LEN=123


My computer is auto outbound packet to IP: 50.201.217.214

ISP Comcast Cable Communications LLC
Usage Type Fixed Line ISP


But I am using verzion FIOS. so the hacker facked COMCAST?

Is my computer got malware inside?

I got a kaspersky total security and it shows okey.

what you guys think?

 

[Gingko]

hi there,
just saying THANK YOU, THANK YOU, THANK YOU - Skynet is awsome! Before I had dozens up to hundreds of unknown IPs & attack attempts every day, it went down to almost zero. Such protection should be mandatory for all routers around the world.

 

[zerowalker]

Is it possible for it to route to some page so i can tell if the ip address was blocked by skynet?
Run into issues when i couldn't figure out why some stuff didn't work, and had kinda forgotten about the Router;p

Not currently possible, Skynet has other tools to assist in this area.

Hundred years later as i forgot.
But could someone direct me to these tools?

It's starting to be somewhat problematic at times as many normal sites seems to be blocked.
Now i got no clue why they are blocked, might be a good reason, but as far as i can tell it's either by mistake or i got some paranoid rule active haha xd.

One site that got blocked was: https://babeljs.io/
And another one i can't remember, but it also ended with .io i think (might be the reason, not sure).

I am not sure how useful Skynet is for me compared to these 'annoying' cases,
tried checking the logs, but hard to tell what matters and what's just "random" so to speak.

Will have to see if i can get mails if someone quotes me or something,
cause i don't want notifications on everything in this thread as it's mostly unrelated to my question xd.

PS: Not complaining on Skynet itself, it's simply doing what it's told

 

[skeal]

One site that got blocked was: https://babeljs.io/

This site isn't blocked for me. Are you sure you haven't got country blocking?

 

[martinr]

This site isn't blocked for me. Are you sure you haven't got country blocking?

I checked and Skynet is blocking that site on my setup. (I temporarily disabled Skynet, having first checked that address on Virustotal, and it then connected; when I re-enabled Skynet it blocked it again.). I checked my country blocking and .io is not included. (I’m using
cn br ir ua ar iq tw th lv ru ro cl sa pk bg in.)

 

[skeal]

I checked and Skynet is blocking that site on my setup. (I temporarily disabled Skynet, and it then connected; when I re-enabled Skynet it blocked it again.). I checked my country blocking and .io is not included. (I’m using
cn br ir ua ar iq tw th lv ru ro cl sa pk bg in.)

.io is not a country code. Search your skynet for that domains ip. It will tell you how it is being blocked and in what list.

 

[Adamm]

Hundred years later as i forgot.
But could someone direct me to these tools?

It's starting to be somewhat problematic at times as many normal sites seems to be blocked.
Now i got no clue why they are blocked, might be a good reason, but as far as i can tell it's either by mistake or i got some paranoid rule active haha xd.

One site that got blocked was: https://babeljs.io/
And another one i can't remember, but it also ended with .io i think (might be the reason, not sure).

I am not sure how useful Skynet is for me compared to these 'annoying' cases,
tried checking the logs, but hard to tell what matters and what's just "random" so to speak.

Will have to see if i can get mails if someone quotes me or something,
cause i don't want notifications on everything in this thread as it's mostly unrelated to my question xd.

PS: Not complaining on Skynet itself, it's simply doing what it's told

I currently don't see the IP related to that website on any default blacklist.

ASUSWRT-Merlin RT-AX88U 384.9-alpha1-gb90c41ddf Sun Dec 16 10:21:58 UTC 2018
skynet@RT-AX88U-DC28:/tmp/home/root# nslookup babeljs.io
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      babeljs.io
Address 1: 13.236.188.46 ec2-13-236-188-46.ap-southeast-2.compute.amazonaws.com
Address 2: 2406:da1c:6aa:c000:1669:34d0:5fc8:fe9f
skynet@RT-AX88U-DC28:/tmp/home/root# sh /jffs/scripts/firewall stats search malware 13.236.188.46
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 09/12/2018 -           Asus Firewall Addition By Adamm v6.6.5                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Debug Data Detected in /tmp/mnt/Elements/skynet/skynet.log - 7.5M
[i] Monitoring From Dec 8 00:29:28 To Dec 17 11:34:05
[i] 33246 Block Events Detected
[i] 5021 Unique IPs
[i] 1 Manual Bans Issued

Associated Domain(s);
babeljs.io



=============================================================================================================


Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



Possible CIDR Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



=============================================================================================================


[#] 160992 IPs (+0) -- 1578 Ranges Banned (+0) || 1828 Inbound -- 3 Outbound Connections Blocked! [stats] [11s]

So I can't really offer a reason as to why it was blocked, I also don't maintain the lists. I suggest in future you follow the whitelisting guide then proceed to investigate individual cases accordingly. My whitelist is almost empty and I rarely run into issues with the default list.


Edit; Going over your post, it sounds like it could be due to a country ban. In that case your wound is self inflicted

 

[dave14305]

I’d like to suggest an Outbound-only debug mode for SkyNet. In general, I am less concerned about debugging inbound traffic, but would still like to always see outbound traffic blocking in syslog. I prefer to minimize unnecessary syslog activity since it is copied to jffs so frequently.

Would others find this useful? Today I spent some time unsure why the Apple App store wasn’t working on any devices in our house and was only looking in Diversion for blocked hostnames. Then it occurred to me that it could be Skynet and had to enable debug mode and try the App Store again so I could generate syslog entries to look for Outbound blocks.

Is there a reason for me to block INBOUND traffic with Skynet if I do not open any ports on my firewall (e.g no SSH from WAN, no VPN server, no port forwarding, etc.)? Won't the normal firewall block the same traffic? I want to only run Skynet in OUTBOUND mode, DEBUG on to avoid all the noisy INBOUND traffic that would normally be blocked. Just not sure if I'm missing the point of INBOUND protection in my setup.

 

[Adamm]

Is there a reason for me to block INBOUND traffic with Skynet

Dropping the connection at the earliest possible point and minimizing attack surface.

 

[vw-kombi]

I have been using skynet a while.
Today, I though I would add a VPN to my PIA at the router level, read a load of forums, and it seems so easy. This is so my roku's can go direct to eh UK and save me the cost of the dns geo unblock service.
Mainly I keep coming back to this one thread which many others have used:
https://www.snbforums.com/threads/h...and-other-vpn-providers-384-5-07-10-18.30851/
But..... I have read and read and tried tons of configs, re-read, reviewed, crosschecked but all the time, I just get 'connecting...' when the service is started.
The error in the logs is
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

Now - the reason I am posting here on skynet is that I have a load of IP's that are blocked inbound within seconds of the TLD errors, but when I stop the VPN service, those same IP's go away.... I am wondering if its related. I collected a load of them :
185.176.26.33
185.10.68.34
107.170.76.217
185.222.210.15
176.119.4.51
77.72.85.8
38.75.137.211
(there are a few more but you get the jist.....)

So.... anyone have VPN client using Private Internet Access (specifically the uk-london server, on the latest port 1198 configuration)

Thanks.

 

[Netbug]

I have been using skynet a while.
Today, I though I would add a VPN to my PIA at the router level, read a load of forums, and it seems so easy. This is so my roku's can go direct to eh UK and save me the cost of the dns geo unblock service.
Mainly I keep coming back to this one thread which many others have used:
https://www.snbforums.com/threads/h...and-other-vpn-providers-384-5-07-10-18.30851/
But..... I have read and read and tried tons of configs, re-read, reviewed, crosschecked but all the time, I just get 'connecting...' when the service is started.
The error in the logs is
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

Now - the reason I am posting here on skynet is that I have a load of IP's that are blocked inbound within seconds of the TLD errors, but when I stop the VPN service, those same IP's go away.... I am wondering if its related. I collected a load of them :
185.176.26.33
185.10.68.34
107.170.76.217
185.222.210.15
176.119.4.51
77.72.85.8
38.75.137.211
(there are a few more but you get the jist.....)

So.... anyone have VPN client using Private Internet Access (specifically the uk-london server, on the latest port 1198 configuration)

Thanks.

Here's my PIA setup;



just change (Server Address and Port) uk-southampton.privateinternetaccess.com to uk-london.privateinternetaccess.com for london server.

 

[vw-kombi]

Hi Netbug - Thanks for that - yours was actually the first link I came across and did at the start - which seems like days ago now. I tried all your config, then looked at many others also, also the downlod from PIA (built from the PIA client) all options I try say the same 'Connecting....". I must ave tried every value possible. This should be so easy. Makes me think it is being blocked in some way (Latest Firmware, all apps (skynet, diversion etc) up to date. I'm at a loss.

 

[Netbug]

Hi Netbug - Thanks for that - yours was actually the first link I came across and did at the start - which seems like days ago now. I tried all your config, then looked at many others also, also the downlod from PIA (built from the PIA client) all options I try say the same 'Connecting....". I must ave tried every value possible. This should be so easy. Makes me think it is being blocked in some way (Latest Firmware, all apps (skynet, diversion etc) up to date. I'm at a loss.

don't think it would be skynet but have you tried temporary disabling skynet and then trying? also i assume you have clicked 'edit' for Keys and Certificates and done that to?

For Certificate Authority you need to copy everything from the ca.rsa.2048.crt file (open it a text editor, ie. Notepad) and paste in the Certificate Authority text box, for Certificate Revocation List you need to copy everything from the crl.rsa.2048.pem file and paste in the Certificate Revocation List text box. This is for AES-128-CBC. https://www.privateinternetaccess.com/openvpn/openvpn.zip

Other than that not sure, maybe a factory reset would help. Not had issues with it myself.