Menu
What's new
By:
Filters Better Search

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

davidlee93 said:
Because before the kernel panic occurred, the router/skynet was blocking a fairly high amount of IPs (50-100 IPs every two seconds) and it seems that either skynet or the RT-AC86U just isn't designed to handle this flood of blocked IPs.
Click to expand...

how many countries do you have blocked? I don't think I've ever seen that many blocks in the span of a couple seconds.
 
Hi All

I'am a newbie with using scripts and looking for an answer.
Direct question, what is the biggest difference between diversion and skynet?
I installed diversion and I thought, what can I better do with skynet?
Please excuse if my question is low thoughts or hurting the soul of the skynet fellows.

But, could anybody explain it to a newbie please?
Is it, because skynet is a firewall and is looking for inbound blocking and diversion is more for outbound blocking...something like that?
Thanks a lot and have a great summer!

Greetings ivi
 
ivi said:
Hi All

I'am a newbie with using scripts and looking for an answer.
Direct question, what is the biggest difference between diversion and skynet?
I installed diversion and I thought, what can I better do with skynet?
Please excuse if my question is low thoughts or hurting the soul of the skynet fellows.

But, could anybody explain it to a newbie please?
Is it, because skynet is a firewall and is looking for inbound blocking and diversion is more for outbound blocking...something like that?
Thanks a lot and have a great summer!

Greetings ivi
Click to expand...
My own beliefs:

Diversion: protects you from ads on your home network
SkyNet: protects you from malware and known hackers (inbound and outbound)
 
ivi said:
Hi All

I'am a newbie with using scripts and looking for an answer.
Direct question, what is the biggest difference between diversion and skynet?
I installed diversion and I thought, what can I better do with skynet?
Please excuse if my question is low thoughts or hurting the soul of the skynet fellows.

But, could anybody explain it to a newbie please?
Is it, because skynet is a firewall and is looking for inbound blocking and diversion is more for outbound blocking...something like that?
Thanks a lot and have a great summer!

Greetings ivi
Click to expand...

Welcome. :)

I consider Skynet a beefier version of AiProtection. Diversion is a network-based, Ad-blocking solution. You want both. :)

If you haven't seen it already, the amtm Step-by-Step guide will help you get both running properly and fully on a supported RMerlin powered Asus router by using a properly formatted USB drive and swap file too.

amtm Step-by-Step https://www.snbforums.com/threads/amtm-step-by-step-install-guide-l-ld.56237/#post-483421

You may also find some use of my other guides by following the link in my signature below. :)
 
ivi said:
Hi All

I'am a newbie with using scripts and looking for an answer.
Direct question, what is the biggest difference between diversion and skynet?
I installed diversion and I thought, what can I better do with skynet?
Please excuse if my question is low thoughts or hurting the soul of the skynet fellows.

But, could anybody explain it to a newbie please?
Is it, because skynet is a firewall and is looking for inbound blocking and diversion is more for outbound blocking...something like that?
Thanks a lot and have a great summer!

Greetings ivi
Click to expand...

Diversion blocks domains, Skynet blocks IP's.
 
Questionable security issue
Code: 
pptpd[28115]: CTRL: Client 139.162.102.46 control connection started
pptpd[28115]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[28115]: CTRL: couldn't read packet header (exit)
pptpd[28115]: CTRL: CTRL read failed
pptpd[28115]: CTRL: Reaping child PPP[0]
pptpd[28115]: CTRL: Client 139.162.102.46 control connection finished
pptpd[2954]: CTRL: Client 185.232.67.13 control connection started
pptpd[2954]: CTRL: Starting call (launching pppd, opening GRE)
pptp[2955]: Plugin pptp.so loaded.
pptp[2955]: PPTP plugin version 0.8.5 compiled for pppd-2.4.7, linux-2.6.36.4
pptp[2955]: pppd 2.4.7 started by Sam_Network, uid 0
pptp[2955]: Using interface pptp0
pptp[2955]: Connect: pptp0 <--> pptp (185.232.67.13)
pptp[2955]: appear to have received our own echo-reply!
pptp[2955]: No CHAP secret found for authenticating 1
pptp[2955]: Peer 1 failed CHAP authentication
pptpd[2954]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[2954]: CTRL: couldn't read packet header (exit)
pptpd[2954]: CTRL: CTRL read failed
pptpd[2954]: CTRL: Reaping child PPP[2955]
pptpd[2954]: CTRL: Client pppd TERM sending
pptpd[2954]: CTRL: Client pppd finish wait
pptp[2955]: Terminating on signal 15
pptpd[2974]: CTRL: Client 185.232.67.13 control connection started
pptpd[2974]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2974]: CTRL: Reaping child PPP[0]
pptpd[2974]: CTRL: Client 185.232.67.13 control connection finished
pptpd[2977]: CTRL: Client 185.232.67.13 control connection started
pptpd[2977]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2977]: CTRL: Reaping child PPP[0]
pptpd[2977]: CTRL: Client 185.232.67.13 control connection finished
pptp[2955]: Connection terminated.
pptp[2955]: Modem hangup
pptp[2955]: Exit.
pptpd[2954]: CTRL: Client 185.232.67.13 control connection finished
kernel: EMF_ERROR: Interface pptp0 doesn't exist
kernel: EMF_ERROR: Interface pptp0 doesn't exist
I noticed this in my system logs earlier today.
 
SomeWhereOverTheRainBow said:
Questionable security issue
Code: 
pptpd[28115]: CTRL: Client 139.162.102.46 control connection started
pptpd[28115]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[28115]: CTRL: couldn't read packet header (exit)
pptpd[28115]: CTRL: CTRL read failed
pptpd[28115]: CTRL: Reaping child PPP[0]
pptpd[28115]: CTRL: Client 139.162.102.46 control connection finished
pptpd[2954]: CTRL: Client 185.232.67.13 control connection started
pptpd[2954]: CTRL: Starting call (launching pppd, opening GRE)
pptp[2955]: Plugin pptp.so loaded.
pptp[2955]: PPTP plugin version 0.8.5 compiled for pppd-2.4.7, linux-2.6.36.4
pptp[2955]: pppd 2.4.7 started by Sam_Network, uid 0
pptp[2955]: Using interface pptp0
pptp[2955]: Connect: pptp0 <--> pptp (185.232.67.13)
pptp[2955]: appear to have received our own echo-reply!
pptp[2955]: No CHAP secret found for authenticating 1
pptp[2955]: Peer 1 failed CHAP authentication
pptpd[2954]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[2954]: CTRL: couldn't read packet header (exit)
pptpd[2954]: CTRL: CTRL read failed
pptpd[2954]: CTRL: Reaping child PPP[2955]
pptpd[2954]: CTRL: Client pppd TERM sending
pptpd[2954]: CTRL: Client pppd finish wait
pptp[2955]: Terminating on signal 15
pptpd[2974]: CTRL: Client 185.232.67.13 control connection started
pptpd[2974]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2974]: CTRL: Reaping child PPP[0]
pptpd[2974]: CTRL: Client 185.232.67.13 control connection finished
pptpd[2977]: CTRL: Client 185.232.67.13 control connection started
pptpd[2977]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2977]: CTRL: Reaping child PPP[0]
pptpd[2977]: CTRL: Client 185.232.67.13 control connection finished
pptp[2955]: Connection terminated.
pptp[2955]: Modem hangup
pptp[2955]: Exit.
pptpd[2954]: CTRL: Client 185.232.67.13 control connection finished
kernel: EMF_ERROR: Interface pptp0 doesn't exist
kernel: EMF_ERROR: Interface pptp0 doesn't exist
I noticed this in my system logs earlier today.
Click to expand...
Was SkyNet running and logging anything? Seems like a real problem from Romania.
https://otx.alienvault.com/indicator/ip/185.232.67.13
 
SomeWhereOverTheRainBow said:
Questionable security issue
Code: 
pptpd[28115]: CTRL: Client 139.162.102.46 control connection started
pptpd[28115]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[28115]: CTRL: couldn't read packet header (exit)
pptpd[28115]: CTRL: CTRL read failed
pptpd[28115]: CTRL: Reaping child PPP[0]
pptpd[28115]: CTRL: Client 139.162.102.46 control connection finished
pptpd[2954]: CTRL: Client 185.232.67.13 control connection started
pptpd[2954]: CTRL: Starting call (launching pppd, opening GRE)
pptp[2955]: Plugin pptp.so loaded.
pptp[2955]: PPTP plugin version 0.8.5 compiled for pppd-2.4.7, linux-2.6.36.4
pptp[2955]: pppd 2.4.7 started by Sam_Network, uid 0
pptp[2955]: Using interface pptp0
pptp[2955]: Connect: pptp0 <--> pptp (185.232.67.13)
pptp[2955]: appear to have received our own echo-reply!
pptp[2955]: No CHAP secret found for authenticating 1
pptp[2955]: Peer 1 failed CHAP authentication
pptpd[2954]: CTRL: EOF or bad error reading ctrl packet length.
pptpd[2954]: CTRL: couldn't read packet header (exit)
pptpd[2954]: CTRL: CTRL read failed
pptpd[2954]: CTRL: Reaping child PPP[2955]
pptpd[2954]: CTRL: Client pppd TERM sending
pptpd[2954]: CTRL: Client pppd finish wait
pptp[2955]: Terminating on signal 15
pptpd[2974]: CTRL: Client 185.232.67.13 control connection started
pptpd[2974]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2974]: CTRL: Reaping child PPP[0]
pptpd[2974]: CTRL: Client 185.232.67.13 control connection finished
pptpd[2977]: CTRL: Client 185.232.67.13 control connection started
pptpd[2977]: CTRL: failed to connect PPTP socket (Operation already in progress)
pptpd[2977]: CTRL: Reaping child PPP[0]
pptpd[2977]: CTRL: Client 185.232.67.13 control connection finished
pptp[2955]: Connection terminated.
pptp[2955]: Modem hangup
pptp[2955]: Exit.
pptpd[2954]: CTRL: Client 185.232.67.13 control connection finished
kernel: EMF_ERROR: Interface pptp0 doesn't exist
kernel: EMF_ERROR: Interface pptp0 doesn't exist
I noticed this in my system logs earlier today.
Click to expand...
Definitely a malicious IP.
https://otx.alienvault.com/indicator/ip/185.232.67.13

If using Skynet lists, it should be blocked.
Code: 
Exact Matches;
--------------       | ---------                              
| IP Address |       | | List |                              
--------------       | ---------                              
185.232.67.13        | https://iplists.firehol.org/files/alienvault_reputation.ipset
185.232.67.13        | https://iplists.firehol.org/files/bds_atif.ipset
185.232.67.13        | https://iplists.firehol.org/files/firehol_level2.netset
185.232.67.13        | https://iplists.firehol.org/files/normshield_high_attack.ipset
  
Possible CIDR Matches;
--------------       | ---------                              
| IP Address |       | | List |                              
--------------       | ---------                              
185.232.67.0/24      | https://iplists.firehol.org/files/firehol_level3.netset

That is found using this command line as defined in post 1 or 2 of this thread.
Code: 
/jffs/scripts/firewall stats search malware 185.232.67.13 10
 
ivi said:
Hi All

I'am a newbie with using scripts and looking for an answer.
Direct question, what is the biggest difference between diversion and skynet?
I installed diversion and I thought, what can I better do with skynet?
Please excuse if my question is low thoughts or hurting the soul of the skynet fellows.

But, could anybody explain it to a newbie please?
Is it, because skynet is a firewall and is looking for inbound blocking and diversion is more for outbound blocking...something like that?
Thanks a lot and have a great summer!

Greetings ivi
Click to expand...
https://www.snbforums.com/threads/skynet-diversion-questions.56258/#post-483767
 
Butterfly Bones said:
Definitely a malicious IP.
https://otx.alienvault.com/indicator/ip/185.232.67.13

If using Skynet lists, it should be blocked.
Code: 
Exact Matches;
--------------       | ---------                            
| IP Address |       | | List |                            
--------------       | ---------                            
185.232.67.13        | https://iplists.firehol.org/files/alienvault_reputation.ipset
185.232.67.13        | https://iplists.firehol.org/files/bds_atif.ipset
185.232.67.13        | https://iplists.firehol.org/files/firehol_level2.netset
185.232.67.13        | https://iplists.firehol.org/files/normshield_high_attack.ipset
 
Possible CIDR Matches;
--------------       | ---------                            
| IP Address |       | | List |                            
--------------       | ---------                            
185.232.67.0/24      | https://iplists.firehol.org/files/firehol_level3.netset

That is found using this command line as defined in post 1 or 2 of this thread.
Code: 
/jffs/scripts/firewall stats search malware 185.232.67.13 10
Click to expand...
strange thing is skynet didn't catch it. I went ahead and refreshed skynet and made sure it was uptodate.
 
SomeWhereOverTheRainBow said:
strange thing is skynet didn't catch it. I went ahead and refreshed skynet and made sure it was uptodate.
Click to expand...
Is SkyNet disabled somehow? I would probably think about nuking your router if you can’t tell what’s really going on. If SkyNet was enabled, it should have stopped this IP cold unless you whitelisted it ever.
 
dave14305 said:
Is SkyNet disabled somehow? I would probably think about nuking your router if you can’t tell what’s really going on. If SkyNet was enabled, it should have stopped this IP cold unless you whitelisted it ever.
Click to expand...
some how it was saying enabled, but there was no active blocked domains listed..updating it fixed the issue
 
dave14305 said:
Is SkyNet disabled somehow? I would probably think about nuking your router if you can’t tell what’s really going on. If SkyNet was enabled, it should have stopped this IP cold unless you whitelisted it ever.
Click to expand...
Skynet: [#] 1 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [save]
this is what it said.
 
SomeWhereOverTheRainBow said:
Skynet: [#] 1 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [save]
this is what it said.
Click to expand...
That happens when the Banmalware Update times out, for whatever reason. Router busy, internet connection times out. I've seen that a couple times. I always make certain that the update runs in the morning when I can check it, just in case.

When the firewall starts or restarts, there is a cron job set, but Skynet sets a random hour and 25 minutes after. I run it at 0625 since I get up around 0600, but manually changing the crontab.
 
SomeWhereOverTheRainBow said:
Skynet: [#] 1 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [save]
this is what it said.
Click to expand...
But even without SkyNet and it’s raw iptables filtering, why wouldn’t the normal firewall block whatever this connection was? What do you have open to the outside?
 
dave14305 said:
But even without SkyNet and it’s raw iptables filtering, why wouldn’t the normal firewall block whatever this connection was? What do you have open to the outside?
Click to expand...
finally able to respond. I do not have any external ports open if that is what you are asking, and no additional firewall rules. This gives me the ability to appreciate and pay more attention to skynet in my logs. It shows what skynet brings to the table.
 
upload_2019-6-29_17-58-15-png.18465


If i do not configure a Skynet fast switch, and i decide to use my fast switch with diversion, will skynet still protect with the regular default skynet if i do not use a fast switch option for it when connected to the smaller list that is defined for fast switch within diversion?
 
SomeWhereOverTheRainBow said:
Skynet: [#] 1 IPs (+0) -- 0 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [save]
this is what it said.
Click to expand...

This output indicates you only have one IP banned, if you are looking to ban the default lists run the "banmalware" command.
 
You must log in or register to reply here.

Similar threads

W
Looking for an add-on that does...
Replies
5
Views
2K
JGrana
JGrana
Viktor Jaep
Skynet Filter Validator v0.7 - Skynet Firewall Filter List IPv4 Integrity Validator
3 4 5
Replies
83
Views
13K
SomeWhereOverTheRainBow
SomeWhereOverTheRainBow
M
Firewall doesen't block custom rules, neighter Skynet
Replies
0
Views
1K
MamaLing
M
G
Skynet Cannot start Skynet
Replies
0
Views
2K
gjf
G
Viktor Jaep
TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)
26 27 28
Replies
556
Views
60K
XIII
XIII
Similar threads
Thread starter Title Forum Replies Date
Klonoa Skynet Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 1
S Skynet Skynet showing router itself making calls to China? Asuswrt-Merlin AddOns 26
J Skynet Skynet - Blocked outbounds coming from the router itself? Asuswrt-Merlin AddOns 12
O Skynet Installing Skynet causes router to crash and reboot Asuswrt-Merlin AddOns 26
Davidncali001 Skynet Message on SKYNET I havent seen before Asuswrt-Merlin AddOns 1
S Skynet firewall reduces wireless range Asuswrt-Merlin AddOns 14
P Skynet Internet speed lower with Skynet on Asuswrt-Merlin AddOns 9
N Skynet SkyNet/Firewall blocking all ping requests, including outbound Asuswrt-Merlin AddOns 6
W Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14 Asuswrt-Merlin AddOns 10
D Skynet Best way to configure SkyNet on RX-AT82U Asuswrt-Merlin AddOns 7

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 726 (members: 28, guests: 698)
Top