Skynet Skynet - Router Firewall & Security Enhancements

I am not planning to factory reset it. Too much to reconfigure it back. I only need to find a way to reset/remove/reinstall that DNSCrypt, as I need/want to keep using it... but I have no idea now how can I do that.
100%. Rest assured, someone who knows what to do will post. Far easier to wait for that than factory reset - sledgehammer to crack a nut.

Have you tried rebooting time after time? You might just get lucky long enough to try to uninstall DNSCrypt.
 
I have no connectivity to internet on the router because of that DNSCrypt - so I cannot run
"curl -L -s -k -O https://raw.githubusercontent.com/thuantran/dnscrypt-asuswrt-installer/master/installer && sh installer ; rm installer"
command to manually remove/reinstall it.
I had similar problems at one point, the solution I came up with was a bit of a kludge - I'm sure there's a more elegant way to tell the router not to use dnscrypt-proxy - but it worked. I'm pretty certain this is what I did, but it was a while ago now so apologies in advance if it doesn't work:
I downloaded the raw installer script from github on my phone (path as above), copied it from the phone to my PC over USB, then uploaded it from the PC to the router's /jffs/scripts folder via WinSCP. Marked it as executable then ran the installer via ssh:
Code:
sh /jffs/scripts/installer
I think this would enable you to uninstall.
 
I am not planning to factory reset it. Too much to reconfigure it back. I only need to find a way to reset/remove/reinstall that DNSCrypt, as I need/want to keep using it... but I have no idea now how can I do that.
What if you temporarily rename the dnsmasq.postconf script it adds and restart dnsmasq to use your original WAN DNS servers? That should get old-fashioned DNS resolution working again.
Code:
mv /jffs/scripts/dnsmasq.postconf /jffs/scripts/no_dnsmasq.postconf
service restart_dnsmasq
If you run Diversion as well, this will temporarily break that as well, but it can be put back later.
 
After upgrading to 6.6.6, the log began to be filled with near constant entries like these:
Code:
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=247
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=247
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=207 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=187
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=207 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=187
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=118 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=98
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=214 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=38000 DPT=38032 LEN=194
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=214 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=194
Jan 11 09:22:41 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=214 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=59000 DPT=59032 LEN=194
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=247
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=247
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=247
Jan 11 09:22:42 lloyddobler kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45000 DPT=45032 LEN=259

I was unable to get back into the menu for Skynet for several minutes. It hung at the 'splash screen' and the actual menu would not display:

Router Model; RT-AC3200
Skynet Version; v6.6.6 (10/01/2019) (8df04382fad89e26fe611c131d322ceb)
iptables v1.4.15 - (eth0 @ 192.168.0.1)
ipset v6.32, protocol version: 6
FW Version; 384.6_0 (Jul 25 2018) (2.6.36.4brcmarm)
Install Dir; /tmp/mnt/RT-AC3200/skynet (6.7G / 7.4G Space Available)
SWAP File; /tmp/mnt/RT-AC3200/myswap.swp (256.3M)
Boot Args; /jffs/scripts/firewall start skynetloc=/tmp/mnt/RT-AC3200/skynet

Once I was able to get to the menu, I whitelisted localhost (127.0.0.1) for now and the noise stopped. Whatever was happening apparently caused some sort of issue for my wireless devices as they all reconnected after this was resolved (noticed no major issue on wired connections).

I noticed the other discussion and wanted to add that I do not use dnscrypt.

Skynet also said its connectivity check failed when the menu did finally load:
Internet-Connectivity | [Failed]
 
With the information provided, I assume it's because we weren't filtering out private IPs in the new BanAiProtect update so some weird domain resolved to 127.0.0.1, mind posting the output of the following command just to confirm the theory;

Code:
sqlite3 /jffs/.sys/AiProtectionMonitor/AiProtectionMonitor.db "SELECT dst FROM monitor;" | awk '!x[$0]++'
 
Code:
# sqlite3 /jffs/.sys/AiProtectionMonitor/AiProtectionMonitor.db "SELECT dst FROM monitor;" | awk '!x[$0]++'
127.0.0.1
134.249.116.78
185.142.236.223
185.235.245.13
192.168.0.16
192.168.0.53
195.24.65.4
2603:3001:2602:F400:0000:0000:0000:1A80
98.251.57.209
acc-logtrade.at.ua
accounts-log.usite.pro
activesmshub.com
all-new-msgapp-app.000webhostapp.com
alqu.org
api.clique.us
api.snappcloud.com
app-new-for-new-msggg.000webhostapp.com
applefcuorg.com
ariseboundary.com
bit.ly
blancmarine.com
boburl.us
cibc-1secure-mobile.su
click.email.thinkgeek.com
coverd.yn.to
craigslist.kcdi-rks.org
craigslistlogaccounts.000webhostapp.com
curtarroyo.com
ddfundacja.org
deboerandsaxsma.com
drive-it.ml
eastwind.ml
expotaxibrasil.com.br
f4.bcbits.com
feeds.adknit.com
firebog.net
gcm.netmng.com
gistfy.facepunch.org
hagsa.mymailsrvr.com
identityiq.com
images.clemenvilla.info
iturbo.com.br
l.eml.condenast.com
l.eml.hearstmags.com
lacktiq5.beget.tech
links.mxserver-ao01.info
livewallpaper.info
madamadore.net
medlinetech.com
miningresources.co.za
mymailsrvr.com
myturbotax.intuit.comturbotax.radionovasc.com.br
new-messages-account-88545.000webhostapp.com
new-msg-corolla-info.000webhostapp.com
nhr1zpzxltpbvrvhlojc.boltoncares.org.uk
nob000.site
ogival.com.my
portalserver.argenta.be-00712dd58e22b0bca040fc92500.transportes
post5342cto.at.ua
posting-car.at.ua
realcenter-mobileapps.com
realcenter-mobileapps1.com
redirect.trigtrack.com
requested-new-app-for-msj.000webhostapp.com
russdales.com
s4.bcbits.com
sadvvaaonline.com
sigalens-immobilier.com
sourpuss.net
sqs.so
ssapthayoga.com
static.catfly.com
swiadomie.com
thalassemia.org.ae
toplivospb.ru
tpcgroup.vn
trade00926.at.ua
udmserve.net
unipharma-eg.com
usaa.com-inet.inet.ent-securelogon-reviewaccount-redirectjsp.au
usaa.com.o0ox.com
v.firebog.net
wallpaper.wiki
wildcard.photoboothsofarkansas.com
www.accuratevisions.com
www.adbull.co
www.akrostools.com
www.appleid.apple.com.clattervalley.com
www.celebsclothing.com
www.cpa.org.ar
www.craigslist.access-now.org
www.eventilation.com
www.forgottenwisdomprod.com
www.getnakedwithcoacharwen.com
www.identityiq.com
www.princessburlap.com
www.srvbytrking.com
www.tekstildanismanlik.net
www5.tax.hmrc.gov.uk.6218169007.tax.online.mumbaipsychiatryclin
x.co
xn--plnex-1sa3bb.com
xn--plniex-wxab.com
xn--polnix-fva1f.com
 
As expected, thanks. I've pushed a hotfix accordingly with extra validation and localhost whitelisted by default.
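
The failure discussed above (a loopback or LAN address reaching the ban set and the firewall then logging its own traffic) can be guarded against and spotted with checks like the following. This is an added example, not Skynet's code and not part of any post in the thread; the names `IS_PUBLIC_AWK`, `filter_ban_candidates` and `blocked_nonpublic_dst` are hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: illustrative only, not Skynet's own validation code.

# awk helper shared by both functions: true only for a well-formed,
# publicly routable IPv4 address.
IS_PUBLIC_AWK='
function is_public(ip,    o, i, a, b) {
    if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0   # hostnames, IPv6, junk
    split(ip, o, ".")
    for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0    # octet out of range
    a = o[1] + 0; b = o[2] + 0
    if (a == 0 || a == 10 || a == 127) return 0              # this-net, RFC 1918, loopback
    if (a == 100 && b >= 64 && b <= 127) return 0            # RFC 6598 shared space
    if (a == 169 && b == 254) return 0                       # link-local
    if (a == 172 && b >= 16 && b <= 31) return 0             # RFC 1918
    if (a == 192 && b == 168) return 0                       # RFC 1918
    if (a >= 224) return 0                                   # multicast and reserved
    return 1
}'

# Read candidate ban entries on stdin (one per line) and print only the
# unique public IPv4 addresses, i.e. the ones that are safe to ban.
filter_ban_candidates() {
    awk "$IS_PUBLIC_AWK"'
    is_public($1) && !seen[$1]++ { print $1 }'
}

# Read syslog lines on stdin and report "count OUT DST" for every
# [BLOCKED - OUTBOUND] entry whose IPv4 destination is NOT public.
# Any output here means the ban set contains an address it should not.
blocked_nonpublic_dst() {
    awk "$IS_PUBLIC_AWK"'
    /\[BLOCKED - OUTBOUND\]/ {
        dst = ""; out = ""
        for (f = 1; f <= NF; f++) {
            if ($f ~ /^DST=/) dst = substr($f, 5)
            else if ($f ~ /^OUT=/) out = substr($f, 5)
        }
        if (dst ~ /^[0-9.]+$/ && !is_public(dst)) hits[out " " dst]++
    }
    END { for (k in hits) print hits[k], k }' | sort -rn
}

# Constructed sample: mixed output such as a "SELECT dst" query might return.
sample_candidates() {
    cat <<'EOF'
127.0.0.1
192.168.0.16
9.9.9.9
example.com
2001:db8::1
1.1.1.1
9.9.9.9
999.1.1.1
EOF
}

# Constructed sample: log lines in the same shape as the ones posted above.
sample_log() {
    cat <<'EOF'
Jan 11 09:22:41 router kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=267 PROTO=UDP SPT=45000 DPT=45032
Jan 11 09:22:41 router kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=279 PROTO=UDP SPT=45000 DPT=45032
Jan 11 09:22:42 router kernel: [BLOCKED - OUTBOUND] IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=207 PROTO=UDP SPT=45000 DPT=45032
Jan 11 09:22:42 router kernel: [BLOCKED - OUTBOUND] IN= OUT=br0 SRC=192.168.0.1 DST=192.168.0.16 LEN=60 PROTO=TCP SPT=80 DPT=51000
Jan 11 09:22:43 router kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.0.16 DST=9.9.9.9 LEN=60 PROTO=UDP SPT=5353 DPT=53
EOF
}

echo "Entries safe to ban:";            sample_candidates | filter_ban_candidates
echo "Blocked non-public destinations:"; sample_log | blocked_nonpublic_dst
```

On a router the second function would be fed the real syslog file instead of the sample; an empty result means no loopback or LAN destination is being dropped.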
 
What if you temporarily rename the dnsmasq.postconf script it adds and restart dnsmasq to use your original WAN DNS servers? That should get old-fashioned DNS resolution working again.
Code:
mv /jffs/scripts/dnsmasq.postconf /jffs/scripts/no_dnsmasq.postconf
service restart_dnsmasq
If you run Diversion as well, this will temporarily break that as well, but it can be put back later.
Couldn't you simply temporarily change the WAN DNS host to a known DNS provider IP (e.g., 1.1.1.1, 8.8.8.8, or 9.9.9.9)?
 
Sounds like a DNSCrypt issue to me. The change in Skynet is minimal and has nothing to do with internet activity. Maybe a dnscrypt server is being blocked?
Luckily I didn't lose all connectivity to the router. I was able to SSH in and uninstall DNScrypt. Then reinstall Skynet. So things seem to be fine with Skynet again.

I do have these three outbound blocks appearing in my syslog over and over. Appears to be to an ASUS webstorage IP address. I have never used or configured webstorage on my router. Any other reason why I am seeing these? How to stop these?

** partial copy of blocks appearing in syslog ****

kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 DST=210.65.113.170
kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 DST=210.65.113.167
kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 DST=210.65.113.168

Update

I temporarily disabled Skynet and then restarted it. The blocks on the ip addresses to Asus Webstorage have stopped.
 
Ran an update on Banmalware. Seeing the message "nslookup: can't resolve 'dnsrsearch.com'". Anything to be concerned about?

[$] /opt/bin/firewall banmalware
=============================================================================================================
Downloading filter.list | [0s]
Refreshing Whitelists | [2s]
Consolidating Blacklist | [7s]
Filtering IPv4 Addresses | [2s]
Filtering IPv4 Ranges | [0s]
Applying New Blacklist | [3s]
Refreshing AiProtect Bans | [1s]
Saving Changes | nslookup: can't resolve 'dnsrsearch.com'
[2s]
For Whitelisting Assistance -
https://www.snbforums.com/threads/skynet-asus-firewall-addition.16798/#post-115872
-*-
=============================================================================================================

 
Nothing to be concerned about, should have been a silent error which is now fixed in the latest revision.
 
I've pushed an update (no version change)

This update adds an interesting new feature inspired by the WebUI implementation by @RMerlin in the upcoming firmware release. Connections can now be identified and sorted within Skynet by tapping into the DPI engine provided by Trend Micro.

The following commands are now available along with menu counterparts;

Code:
sh /jffs/scripts/firewall stats search connections
sh /jffs/scripts/firewall stats search connections ip xxx.xxx.xxx.xxx
sh /jffs/scripts/firewall stats search connections port xxxxx
sh /jffs/scripts/firewall stats search connections proto xxxx
sh /jffs/scripts/firewall stats search connections id xxxxxxxx

Thanks to @itsJarrett for assistance w/ implementation.

 
I just saw that you updated Skynet, so I did an Update. But when I went to update malware, I got a statement that Skynet was not running. Hmmm. So I tried to do the update again, and then it did not do it because it said it was up to date. So then I did a forced update. That took, and it said Skynet was running, but when I went to reload malware, it said Skynet was not running. Here is a screen shot.

admin@RT-AC86U-1BD0:/tmp/home/root# sh /jffs/scripts/firewall update -f
################################################################################
# _____ _ _ __ #
# / ____| | | | / / #
# | (___ | | ___ _ _ __ ___| |_ __ __/ /_ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
# ____) | <| |_| | | | | __/ |_ \ V /| (_) |#
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ #
# __/ | #
# |___/ #
# #
## - 13/01/2019 - Asus Firewall Addition By Adamm v6.6.6 #
## https://github.com/Adamm00/IPSet_ASUS #
################################################################################


================================================================================


Forcing Update
[%] New Version Detected - Updating To v6.6.6 (656935db285962a4c9ec68d553e6ebae)
Saving Changes
Unloading Skynet Components
[%] Restarting Firewall Service

Done.

admin@RT-AC86U-1BD0:/tmp/home/root# sh /jffs/scripts/firewall banmalware
################################################################################
# _____ _ _ __ #
# / ____| | | | / / #
# | (___ | | ___ _ _ __ ___| |_ __ __/ /_ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
# ____) | <| |_| | | | | __/ |_ \ V /| (_) |#
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ #
# __/ | #
# |___/ #
# #
## - 13/01/2019 - Asus Firewall Addition By Adamm v6.6.6 #
## https://github.com/Adamm00/IPSet_ASUS #
################################################################################


================================================================================


[*] Skynet Not Running - Exiting

admin@RT-AC86U-1BD0:/tmp/home/root#

Then I did a soft reboot (from Putty), but that did not work. Both Putty and the GUI would not connect, but I was still streaming my audio stream. So then I did a hard reset, and got me back up and everything running. I was then able to reload both the malware and the banned country lists.
 
I've pushed an update (no version change)

This update adds an interesting new feature inspired by the WebUI implementation by @RMerlin in the upcoming firmware release. Connections can now be identified and sorted within Skynet by tapping into the DPI engine provided by Trend Micro.

The following commands are now available along with menu counterparts;

Code:
sh /jffs/scripts/firewall stats search connections
sh /jffs/scripts/firewall stats search connections ip xxx.xxx.xxx.xxx
sh /jffs/scripts/firewall stats search connections port xxxxx
sh /jffs/scripts/firewall stats search connections proto xxxx
sh /jffs/scripts/firewall stats search connections id xxxxxxxx

Thanks to @itsJarrett for assistance w/ implementation.
Cool, so would you recommend updating it through amtm?
 
Then I did a soft reboot (from Putty), but that did not work. Both Putty and the GUI would not connect, but I was still streaming my audio stream. So then I did a hard reset, and got me back up and everything running. I was then able to reload both the malware and the banned country lists.

If Skynet failed to start the reason would have been printed in your syslog after restart/update. I am unable to reproduce this otherwise (nor did any code change that would affect it) so the issue could be unrelated.

Cool, so would you recommend updating it through amtm?

Technically it's the same thing, amtm just redirects you to Skynet's executable.
 
If Skynet failed to start the reason would have been printed in your syslog after restart/update. I am unable to reproduce this otherwise (nor did any code change that would affect it) so the issue could be unrelated.

Maybe. But I'm just giving you feedback with my experience.



Technically it's the same thing, amtm just redirects you to Skynet's executable.
 
I've pushed an update (no version change)

This update adds an interesting new feature inspired by the WebUI implementation by @RMerlin in the upcoming firmware release. Connections can now be identified and sorted within Skynet by tapping into the DPI engine provided by Trend Micro.
I like how this supports IPv6 connections.

One issue I see though is that the last two characters of the IPv6 address are truncated.
For example, an address ending with "62b7:552d" in "ip neighbor" shows as "62:b7:55: |"

I can identify my devices with two additional screens:
Another PuTTY session with the output of "ip neighbor" to map IPv6 address to MAC address
Fing to map MAC address back to device
 
Sounds very much like what hit me out of the blue a few months back. I think I ended up doing a factory reset but there may well be a simpler, quicker way.

Needless to say, I did not reinstall DNSCrypt.

Not sure if I regained temporary Internet connectivity (long enough to release my Asus DDNS) by rebooting after leaving the router off for eg 30 secs, and that allowed me to swap over to my spare router. But I guess you tried such power-off reboots.

I've had issues with DNSCrypt before on ASUS routers. I don't use it anymore. I just use VPNs and I guess the DNS servers are encrypted within the tunnel.


Sent from my iPhone using Tapatalk Pro
 
