Skynet Skynet - Router Firewall & Security Enhancements

[martinr]

I just found out that Diversion is blocking Google searches
How is that even possible?
When I go through the stats and look up the culprit, I see it’s whitelisted: https://otx.alienvault.com/indicator/ip/172.217.168.228
How can it get blocked by my router? And more important how can I fix this?

Do you type google.com into your address bar and it gets altered to suit the country you are in eg google.co.uk? Can you try typing into your address bar www.google.com/ncr

Does it happen on all devices and browsers?

 

[martinr]

I just found out that Diversion is blocking Google searches
How is that even possible?
When I go through the stats and look up the culprit, I see it’s whitelisted: https://otx.alienvault.com/indicator/ip/172.217.168.228
How can it get blocked by my router? And more important how can I fix this?

By the way, whilst I’m keen to find the cause of, and a solution to, your problem, this might also be a good opportunity to draw your attention to a couple of search engines I knew nothing about:


https://www.snbforums.com/threads/r...urity-enhancements.16798/page-232#post-490294



https://www.snbforums.com/threads/r...urity-enhancements.16798/page-232#post-490390

 

[Bogey]

By the way, whilst I’m keen to find the cause of, and a solution to, your problem, this might also be a good opportunity to draw your attention to a couple of search engines I knew nothing about:


https://www.snbforums.com/threads/r...urity-enhancements.16798/page-232#post-490294



https://www.snbforums.com/threads/r...urity-enhancements.16798/page-232#post-490390

I know a few and I must say I’m pretty damn close to switching my default search engine on iPad and iPhone to DDG (there are only four choices... though Yahoo cannot be considered a choice imho). On my desktop I use DEVONagent.

Do you type google.com into your address bar and it gets altered to suit the country you are in eg google.co.uk? Can you try typing into your address bar www.google.com/ncr

Does it happen on all devices and browsers?

Earlier today I had problems with my iPhone, I bypassed it by opening a VPN connection from my phone to a vpn server.
Later, before I wrote the post above, I was using my iPad. After some fiddling with turning on and off Diversion and Skynet, using a direct VPN connection and, indeed, a different search engine, I found it was Google. But the funny thing is that the log stated the country as CH (Switzerland)... Anyway, I cleared out the ban list (except those added manually) and voilà: Bob’s your uncle.

Whenever I enter something in the address bars of iPhone or iPad, I end up at google.nl (though I do have a bookmark google.com/ncr that I use to filter out some of the Dutch crap from the search results).

 

[Treadler]

I know a few and I must say I’m pretty damn close to switching my default search engine on iPad and iPhone to DDG (there are only four choices... though Yahoo cannot be considered a choice imho). On my desktop I use DEVONagent.


Earlier today I had problems with my iPhone, I bypassed it by opening a VPN connection from my phone to a vpn server.
Later, before I wrote the post above, I was using my iPad. After some fiddling with turning on and off Diversion and Skynet, using a direct VPN connection and, indeed, a different search engine, I found it was Google. But the funny thing is that the log stated the country as CH (Switzerland)... Anyway, I cleared out the ban list (except those added manually) and voilà: Bob’s your uncle.

Whenever I enter something in the address bars of iPhone or iPad, I end up at google.nl (though I do have a bookmark google.com/ncr that I use to filter out some of the Dutch crap from the search results).

Duckduckgo has been my go to search engine for some years. Claims not to track, searches well, what’s there not to love?!

 

[cmkelley]

I just found out that Diversion is blocking Google searches
How is that even possible?
When I go through the stats and look up the culprit, I see it’s whitelisted: https://otx.alienvault.com/indicator/ip/172.217.168.228
How can it get blocked by my router? And more important how can I fix this?

Are you having trouble getting results in google searches or do some of the (top) links not work?

Any links marked [ad] go through googleadservices, which is blocked, so clicking on those doesn't work. I'm on the fence between whitelisting googleadservices or switching to something like searchencrypt.

 

[martinr]

Are you having trouble getting results in google searches or do some of the (top) links not work?

Any links marked [ad] go through googleadservices, which is blocked, so clicking on those doesn't work. I'm on the fence between whitelisting googleadservices or switching to something like searchencrypt.

Well done. I bet you’re right and I completely misunderstood, thinking the google domain itself was being totally blocked. Clicking on a googleadservices link is one way I test my OpenVPN Server connection back home is working when I’m out and connected to a public wifi.

 

[Bogey]

Are you having trouble getting results in google searches or do some of the (top) links not work?

Any links marked [ad] go through googleadservices, which is blocked, so clicking on those doesn't work. I'm on the fence between whitelisting googleadservices or switching to something like searchencrypt.

No links clicked, just doing a search by entering keywords in the URL bar of Safari on either iphone and ipad.

 

[cmkelley]

No links clicked, just doing a search by entering keywords in the URL bar of Safari on either iphone and ipad.

Wow. While I'm in the US, I've never had a problem getting to google.

 

[martinr]

No links clicked, just doing a search by entering keywords in the URL bar of Safari on either iphone and ipad.

And me too: never had a problem in the UK getting to Google. Sorry foe suddenly thinking I might have misunderstood your posting.

 

[Adamm]

I just found out that Diversion is blocking Google searches
How is that even possible?
When I go through the stats and look up the culprit, I see it’s whitelisted: https://otx.alienvault.com/indicator/ip/172.217.168.228
How can it get blocked by my router? And more important how can I fix this?

This IP is not blocked by Skynet by default;

skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 172.217.168.228
*snip*

172.217.168.228 is NOT in set Skynet-Whitelist.
172.217.168.228 is NOT in set Skynet-Blacklist.
172.217.168.228 is NOT in set Skynet-BlockedRanges.

If it is being blocked by Diversion as you said... wouldn't the solution be whitelisting it there?

 

[Bogey]

Oh s#it I mixed them up in the post above.
My apologies, it was Skynet.
it should be “I just found out that Skynet is blocking Google searches”
(How else could I posted the url to alienvault)

Skynet bans automatically, after a number of hits, right?

 

[martinr]

....Skynet bans automatically, after a number of hits, right?

Can you expand on what you means by “hits”?

 

[Adamm]

Oh s#it I mixed them up in the post above.
My apologies, it was Skynet.
it should be “I just found out that Skynet is blocking Google searches”
(How else could I posted the url to alienvault)

Skynet bans automatically, after a number of hits, right?

No, Skynet sources IP's to blacklist when using the banmalware feature from various reputation lists.

I suggest using the following guide (and the various stat commands in the readme) to determine what is being blocked and whitelist it accordingly.

https://www.snbforums.com/threads/r...wall-security-enhancements.16798/#post-115872

 

[Bogey]

Could it have been the “plus” feature in Diversion so the IP address ended up at Skynet’s ban list? Because when I cleared the ban list all went well.

 

[thelonelycoder]

Could it have been the “plus” feature in Diversion so the IP address ended up at Skynet’s ban list? Because when I cleared the ban list all went well.

No. We only share the whitelisted domains.

 

[Bogey]

Then I’m at a loss, I don’t know how the IP’s 172.217.17.131 and 172.217.168.228 could have ended up banned.
As I said when I opened Skynet (option 2), unban (option 1), all non manually added (option 7), I could search again...

 

[Adamm]

Then I’m at a loss, I don’t know how the IP’s 172.217.17.131 and 172.217.168.228 could have ended up banned.
As I said when I opened Skynet (option 2), unban (option 1), all non manually added (option 7), I could search again...

( sh /jffs/scripts/firewall stats search ip 8.8.8.8 ) Search All Debug Data For Entries On 8.8.8.8

( sh /jffs/scripts/firewall stats search malware 8.8.8.8 ) Search Malwarelists For Specified IP

 

[Bogey]

Those came out clean, as expected, because, when I had the problem, in all my ignorance (or stupidity — you pick ) I ran a forced update and had installed scribe, before I could some serious digging. If it happens again I know what to do and what to report here, not some vague “my google searches didn’t work, why is that?”. Thanks for your support Adamm, martinr and thelonelycoder. And, of course, for creating the scripts.

 

[consorts]

what's skynet's problem with;
http://hirschstraps.com/

when skynet's active i get;
in IE11: (other browsers have same issue)
The DNS server might be having problems.
Error Code: INET_E_RESOURCE_NOT_FOUND

when skynet is down, i resolve there just fine.
i whitelist the domain, skynet still blocks
i uninstall and reinstall skynet, still blocks
i disable skynet it resolves, reload it again - now blocked
i try to disable DNSSEC and use another DNS
skynet still blocks (i am NOT using Stubby)

Input Domain To Whitelist:

[URL]: hirschstraps.com

[$] /jffs/scripts/firewall whitelist domain hirschstraps.com

[i] Adding hirschstraps.com To Whitelist
[i] Whitelisting 23.227.38.32
ipset v6.32: Element cannot be added to the set: it's already added
[i] Saving Changes

[#] 138903 IPs (+0) -- 1731 Ranges Banned (+0) || 15 Inbound -- 12 Outbound Con]

[i] Press Enter To Continue...

 

[dave14305]

what's skynet's problem with;
http://hirschstraps.com/

when skynet's active i get;
in IE11: (other browsers have same issue)
The DNS server might be having problems.
Error Code: INET_E_RESOURCE_NOT_FOUND

when skynet is down, i resolve there just fine.
i whitelist the domain, skynet still blocks
i uninstall and reinstall skynet, still blocks
i disable skynet it resolves, reload it again - now blocked
i try to disable DNSSEC and use another DNS
skynet still blocks (i am NOT using Stubby)

Input Domain To Whitelist:

[URL]: hirschstraps.com

[$] /jffs/scripts/firewall whitelist domain hirschstraps.com

[i] Adding hirschstraps.com To Whitelist
[i] Whitelisting 23.227.38.32
ipset v6.32: Element cannot be added to the set: it's already added
[i] Saving Changes

[#] 138903 IPs (+0) -- 1731 Ranges Banned (+0) || 15 Inbound -- 12 Outbound Con]

[i] Press Enter To Continue...

For me, it blocked 23.227.38.64.

23.227.38.64 is NOT in set Skynet-Whitelist.
23.227.38.64 is in set Skynet-Blacklist.
23.227.38.64 is NOT in set Skynet-BlockedRanges.

Blacklist Reason;
"BanMalware: firehol_level3.netset"

Associated Domain(s);
--*

IP Location - Canada (Cloudflare, Inc. / AS13335)

23.227.38.64 First Tracked On Jun 18 10:37:50
23.227.38.64 Last Tracked On Jun 18 10:37:59
6 Blocks Total