What's new

Skynet Skynet - Router Firewall & Security Enhancements

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Hi,

Today I saw there was a new update for Skynet, when tried through AMTM to get in to update it, this error showed up:

Code:
Oct  9 08:00:01 kernel: EXT4-fs error (device sda1): add_dirent_to_buf:1280: inode #262145: block 1056800: comm sh: bad entry in directory: inode out of bounds - offset=0(0), inode=1074004099, rec_len=12, name_len=1
Oct  9 08:00:01 kernel: EXT4-fs error (device sda1): add_dirent_to_buf:1280: inode #262145: block 1056800: comm sh: bad entry in directory: inode out of bounds - offset=0(0), inode=1074004099, rec_len=12, name_len=1

EHUUY95.png


What can I do to fix it?


Your USB is showing signs of corruption/failure, I'd try run e2fsck first, if issues continue then it might be time for a new USB.
 
Your USB is showing signs of corruption/failure, I'd try run e2fsck first, if issues continue then it might be time for a new USB.
Thanks for the reply. Sadly I can't find it's root cause, because I've tried several USB drives (even top brand), and after some time always find that pixelserv is not running or like this that cannot access skynet, etc due to corruption...

I run amtm/skynet/freshjr/diversion and a swap in just one partition.


Sent from S.G. S9 Plus Duos using Tapatalk
 
Thanks for the reply. Sadly I can't find it's root cause, because I've tried several USB drives (even top brand), and after some time always find that pixelserv is not running or like this that cannot access skynet, etc due to corruption...

I run amtm/skynet/freshjr/diversion and a swap in just one partition.

I can't speak for those other occasions without seeing exact output, but this particular error you posted is directly filesystem related and not firmware/script. That being said an e2fsck is your best option, if that fails you could try reformatting the device in AMTM.
 
I can't speak for those other occasions without seeing exact output, but this particular error you posted is directly filesystem related and not firmware/script. That being said an e2fsck is your best option, if that fails you could try reformatting the device in AMTM.
Thanks, I format it to make it fast this time.

Sent from S.G. S9 Plus Duos using Tapatalk
 
Now Skynet can use CDN Whitelisting.

What do you think to add optional Root DNS and Top level DNS domains?
Or are these already coved by the CDN Whitelisting?

Whitelist root DNS servers:
https://www.iana.org/domains/root/servers

Whitelist top level DNS servers:
https://www.iana.org/domains/root/db

When you are interested we have to look for a downloadable version from I assume from iana.

Generally speaking addresses like these are filtered out by the maintainers or firehol's automated process so we should be okay to leave it for now unless you have any specific examples of blocked addresses.
 
Generally speaking addresses like these are filtered out by the maintainers or firehol's automated process so we should be okay to leave it for now unless you have any specific examples of blocked addresses.
Thanks for the answer.
 
Hey @Adamm I keep getting a block to a "stack path CDN" in the USA, are CDN's supposed to be whitelisted? The stat is listed below.
151.139.128.10 (US) | https://otx.alienvault.com/indicator/ip/151.139.128.10 | BanMalware: firehol_level3.netset

AS20446 is already whitelisted on my end, do you get a different result?

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 151.139.128.10
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                #
#                                |___/                                                  #
#                                                                                    #
## - 06/10/2019 -           Asus Firewall Addition By Adamm v6.8.8                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/USB/skynet/skynet.log - 3.2M
[i] Monitoring From Oct 8 05:00:28 To Oct 10 21:50:22
[i] 14098 Block Events Detected
[i] 1974 Unique IPs
[i] 0 Manual Bans Issued

151.139.128.10 is in set Skynet-Whitelist.
151.139.128.10 is in set Skynet-Blacklist.
151.139.128.10 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 151.139.128.0/20 "CDN-Whitelist: AS20446 "
 151.139.128.0/24 "CDN-Whitelist: AS20446 "

Blacklist Reason;
 "BanMalware: firehol_level3.netset"


Associated Domain(s);
insightsresourcesseekcomau.coredns.network
seekcomau.coredns.network
w4t7i8d6.stackpathcdn.com
a3p5q4h4.stackpathcdn.com


[i] IP Location - United States (Highwinds Network Group, Inc. / AS20446)
 
AS20446 is already whitelisted on my end, do you get a different result?

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search ip 151.139.128.10
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                #
#                                |___/                                                  #
#                                                                                    #
## - 06/10/2019 -           Asus Firewall Addition By Adamm v6.8.8                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/USB/skynet/skynet.log - 3.2M
[i] Monitoring From Oct 8 05:00:28 To Oct 10 21:50:22
[i] 14098 Block Events Detected
[i] 1974 Unique IPs
[i] 0 Manual Bans Issued

151.139.128.10 is in set Skynet-Whitelist.
151.139.128.10 is in set Skynet-Blacklist.
151.139.128.10 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 151.139.128.0/20 "CDN-Whitelist: AS20446 "
 151.139.128.0/24 "CDN-Whitelist: AS20446 "

Blacklist Reason;
 "BanMalware: firehol_level3.netset"


Associated Domain(s);
insightsresourcesseekcomau.coredns.network
seekcomau.coredns.network
w4t7i8d6.stackpathcdn.com
a3p5q4h4.stackpathcdn.com


[i] IP Location - United States (Highwinds Network Group, Inc. / AS20446)
Here are my results @Adamm
Code:
 firewall stats search ip 151.1
39.128.10
################################################################################
#                                _____ _                     _             __  #
#                               / ____| |                   | |           / /  #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_  #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |#
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/ #
#                                            __/ |                             #
#                                           |___/                              #
#                                                                              #
## - 06/10/2019 -                  Asus Firewall Addition By Adamm v6.8.8      #
##                                 https://github.com/Adamm00/IPSet_ASUS       #
################################################################################


================================================================================


*--
[*] !!! Logging Is Disabled !!!
[*] To Enable Use ( sh /opt/bin/firewall settings logmode enable )

[i] Logging Data Detected in /tmp/mnt/stuff/skynet/skynet.log - 5.5M
[i] Monitoring From Sep 5 13:09:17 To Sep 9 09:11:30
[i] 20714 Block Events Detected
[i] 1896 Unique IPs
[i] 0 Manual Bans Issued

151.139.128.10 is in set Skynet-Whitelist.
151.139.128.10 is in set Skynet-Blacklist.
151.139.128.10 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 151.139.128.0/24 "CDN-Whitelist: AS20446 "
 151.139.128.0/20 "CDN-Whitelist: AS20446 "

Blacklist Reason;
 "BanMalware: firehol_level3.netset"


Associated Domain(s);
k2e9a3p5.stackpathcdn.com
j8h5u9d7.stackpathcdn.com
w9b9a2f5.stackpathcdn.com


[i] IP Location - United States (Highwinds Network Group, Inc. / AS20446)

[i] 151.139.128.10 First Tracked On Sep 5 17:08:09
[i] 151.139.128.10 Last Tracked On Sep 6 15:13:19
[i] 70 Blocks Total

Event Log Entries From 151.139.128.10;
*--
First Block Tracked From 151.139.128.10;
Sep  5 17:08:09 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:

10 Most Recent Blocks From 151.139.128.10;
Sep  6 15:12:14 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:15 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:17 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:17 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:21 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:26 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:26 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:29 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:45 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:13:19 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:


Top 10 Targeted Ports From 151.139.128.10 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-

Top 10 Sourced Ports From 151.139.128.10 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

--*


================================================================================


[#] 137975 IPs (+0) -- 1579 Ranges Banned (+0) || 4384 Inbound -- 44 Outbound C]
 
Is the reason that, the IP is whitelisted and blacklisted at the same time?
 
Is the reason that, the IP is whitelisted and blacklisted at the same time?
The whitelist overrides the blacklist in the iptables rules (NOT in whitelist AND in blacklist).
Code:
-A PREROUTING -i br0 -m set ! --match-set Skynet-Whitelist dst -m set --match-set Skynet-Master dst -j LOG --log-prefix "[BLOCKED - OUTBOUND] " --log-tcp-sequence --log-tcp-options --log-ip-options
Since you have logging disabled, how do you know it's still being blocked by Skynet?
 
Since you have logging disabled, how do you know it's still being blocked by Skynet?
Outbound connections block keeps blocking it, thus why I inquired. Keeps incrementing upward each hour. This is unusual to my network.
 
Outbound connections block keeps blocking it, thus why I inquired. Keeps incrementing upward each hour. This is unusual to my network.
Also I have zero manual bans or blacklist entries. Skynet is running default settings.
 
Should I re-install Skynet guys? And monitor from here?
 
Here are my results @Adamm
Code:
 firewall stats search ip 151.1
39.128.10
################################################################################
#                                _____ _                     _             __  #
#                               / ____| |                   | |           / /  #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_  #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |#
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/ #
#                                            __/ |                             #
#                                           |___/                              #
#                                                                              #
## - 06/10/2019 -                  Asus Firewall Addition By Adamm v6.8.8      #
##                                 https://github.com/Adamm00/IPSet_ASUS       #
################################################################################


================================================================================


*--
[*] !!! Logging Is Disabled !!!
[*] To Enable Use ( sh /opt/bin/firewall settings logmode enable )

[i] Logging Data Detected in /tmp/mnt/stuff/skynet/skynet.log - 5.5M
[i] Monitoring From Sep 5 13:09:17 To Sep 9 09:11:30
[i] 20714 Block Events Detected
[i] 1896 Unique IPs
[i] 0 Manual Bans Issued

151.139.128.10 is in set Skynet-Whitelist.
151.139.128.10 is in set Skynet-Blacklist.
151.139.128.10 is NOT in set Skynet-BlockedRanges.

Whitelist Reason;
 151.139.128.0/24 "CDN-Whitelist: AS20446 "
 151.139.128.0/20 "CDN-Whitelist: AS20446 "

Blacklist Reason;
 "BanMalware: firehol_level3.netset"


Associated Domain(s);
k2e9a3p5.stackpathcdn.com
j8h5u9d7.stackpathcdn.com
w9b9a2f5.stackpathcdn.com


[i] IP Location - United States (Highwinds Network Group, Inc. / AS20446)

[i] 151.139.128.10 First Tracked On Sep 5 17:08:09
[i] 151.139.128.10 Last Tracked On Sep 6 15:13:19
[i] 70 Blocks Total

Event Log Entries From 151.139.128.10;
*--
First Block Tracked From 151.139.128.10;
Sep  5 17:08:09 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:

10 Most Recent Blocks From 151.139.128.10;
Sep  6 15:12:14 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:15 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:17 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:17 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:21 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:26 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:26 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:29 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:12:45 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:
Sep  6 15:13:19 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=0c:9d:92:01:9b:20:


Top 10 Targeted Ports From 151.139.128.10 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

-*-

Top 10 Sourced Ports From 151.139.128.10 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------

--*


================================================================================


[#] 137975 IPs (+0) -- 1579 Ranges Banned (+0) || 4384 Inbound -- 44 Outbound C]

Those are old logs from September if you look at the date closely, you currently have logging disabled so they wont naturally clear themselves.
 
Those are old logs from September if you look at the date closely, you currently have logging disabled so they wont naturally clear themselves.
Why do outbound blocks keep incrementing upward, each hour?
 
Why do outbound blocks keep incrementing upward, each hour?

If you enable logging you will be able to find out :p
 
Sorry, I re-installed and find now something completely different.
Code:
Oct 10 07:32:15 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=44294 DF PROTO=TCP SPT=34796 DPT=853 SEQ=820460175 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A000097890000000001030307)
I'm at a loss the IP 204.83.124.135 is my dynamic IP from my ISP. I have DoT enabled using cloudflare.
 
Ok help me out here I don't understand these results.
Code:
firewall stats search ip 204.83.124.135
#############################################################################################################
#                                _____ _                     _             __                               #
#                               / ____| |                   | |           / /                               #
#                              | (___ | | ___   _ _ __   ___| |_  __   __/ /_                               #
#                               \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                              #
#                               ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                             #
#                              |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                              #
#                                            __/ |                                                          #
#                                           |___/                                                           #
#                                                                                                           #
## - 06/10/2019 -                  Asus Firewall Addition By Adamm v6.8.8                                   #
##                                 https://github.com/Adamm00/IPSet_ASUS                                    #
#############################################################################################################


=============================================================================================================


[i] Logging Data Detected in /tmp/mnt/stuff/skynet/skynet.log - 8.0K
[i] Monitoring From Oct 10 07:39:56 To Oct 10 07:42:56
[i] 20 Block Events Detected
[i] 10 Unique IPs
[i] 0 Manual Bans Issued

204.83.124.135 is NOT in set Skynet-Whitelist.
204.83.124.135 is NOT in set Skynet-Blacklist.
204.83.124.135 is NOT in set Skynet-BlockedRanges.


[i] IP Location - Canada (Saskatchewan Telecommunications / AS803)

[i] 204.83.124.135 First Tracked On Oct 10 07:39:56
[i] 204.83.124.135 Last Tracked On Oct 10 07:42:56
[i] 20 Blocks Total

Event Log Entries From 204.83.124.135;

First Block Tracked From 204.83.124.135;
Oct 10 07:39:56 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60785 DF PROTO=TCP SPT=34976 DPT=853 SEQ=2665827778 ACK=0 WINDOW=29200 RES=0x0

10 Most Recent Blocks From 204.83.124.135;
Oct 10 07:42:03 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=185.176.27.182 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64078 PROTO=TCP SPT=48845
Oct 10 07:42:05 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=92.119.160.103 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48836 PROTO=TCP SPT=41420
Oct 10 07:42:24 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=159.203.201.151 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=4827
Oct 10 07:42:42 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=45.136.109.237 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22723 PROTO=TCP SPT=44179
Oct 10 07:42:45 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=185.176.27.182 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41990 PROTO=TCP SPT=48845
Oct 10 07:42:48 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=0c:9d:92:01:9b:20:00:00:5e:00:01:09:08:00 SRC=92.118.37.83 DST=204.83.124.135 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38665 PROTO=TCP SPT=48465 D
Oct 10 07:42:51 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35951 DF PROTO=TCP SPT=35024 DPT=853 SEQ=2166603875 ACK=0 WINDOW=29200 RES=0x0
Oct 10 07:42:52 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35952 DF PROTO=TCP SPT=35024 DPT=853 SEQ=2166603875 ACK=0 WINDOW=29200 RES=0x0
Oct 10 07:42:55 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13524 DF PROTO=TCP SPT=35026 DPT=853 SEQ=2675601227 ACK=0 WINDOW=29200 RES=0x0
Oct 10 07:42:56 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=204.83.124.135 DST=1.1.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13525 DF PROTO=TCP SPT=35026 DPT=853 SEQ=2675601227 ACK=0 WINDOW=29200 RES=0x0


Top 10 Targeted Ports From 204.83.124.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------



Top 10 Sourced Ports From 204.83.124.135 (Inbound);


--------   | --------   | --------------
| Hits |   | | Port |   | | SpeedGuide |
--------   | --------   | --------------




=============================================================================================================


[#] 138678 IPs (+0) -- 1565 Ranges Banned (+0) || 12 Inbound -- 22 Outbound Connections Blocked! [stats] [6s]
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top