Skynet Skynet - Router Firewall & Security Enhancements

[dev_null]

Definitely could be a partitioning issue with whatever software you used to create them. Any particular reason you need multiple partitions?

I wanted the second for file transfers and wanted the ability to plug it into a windows machine to get the files in the event of a catastrophe. The partition setup was done by the router firmware via amtm/diversion.

If you think that is an issue, I can reformat I suppose or go back to the USB drive. It'd be a bit of a pain for the former, but better to do it now.

 

[Adamm]

I wanted the second for file transfers and wanted the ability to plug it into a windows machine to get the files in the event of a catastrophe. The partition setup was done by the router firmware via amtm/diversion.

If you think that is an issue, I can reformat I suppose or go back to the USB drive. It'd be a bit of a pain for the former, but better to do it now.

ext* is the preferred format for router attached storage. The Tuxera drivers for NTFS are notoriously buggy. In a worst case scenario there is software available to view the contents via Windows directly.

 

[Dee dee]

I have a random issue with skynet that I can't figure out. It happened with version 6, and I just upgraded to 7 and want to see if it happens there as well.

I would just ssh in and run firewall command, and I would see three tasks failed (cron,and two others) by this I assume that the firewall stops working.

If someone can explain how to show that debug I can post here and see why it randomly just seems to fail.

Sent from my SM-A505U1 using Tapatalk

 

[Adamm]

I have a random issue with skynet that I can't figure out. It happened with version 6, and I just upgraded to 7 and want to see if it happens there as well.

I would just ssh in and run firewall command, and I would see three tasks failed (cron,and two others) by this I assume that the firewall stops working.

If someone can explain how to show that debug I can post here and see why it randomly just seems to fail.

Sent from my SM-A505U1 using Tapatalk

You would need to copy and paste the output of;

sh /jffs/scripts/firewall debug info

Plus an extract of your syslog from when the event occurred so we can understand whats going on.

 

[Dee dee]

You would need to copy and paste the output of;

sh /jffs/scripts/firewall debug info

Plus an extract of your syslog from when the event occurred so we can understand whats going on.

First log from command here. It just failed today as I checked how do I get sys log info?

--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Failed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
Inbound Filter Rules                | [Failed]
Inbound Logging Rules               | [Failed]
Outbound Filter Rules               | [Failed]
Outbound Logging Rules              | [Failed]
Whitelist IPSet                     | [Failed]
BlockedRanges IPSet                 | [Failed]
Blacklist IPSet                     | [Failed]
Skynet IPSet                        | [Failed]
Diversion Plus Content              | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Disabled]
Malware List Auto-Updates           | [Disabled]
Logging                             | [Disabled]
Filter Traffic                      | [Selective]
Unban PrivateIP                     | [Disabled]
Log Invalid                         | [Disabled]
Ban AiProtect                       | [Disabled]
Secure Mode                         | [Disabled]
Fast Switch                         | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Disabled]
CDN Whitelisting                    | [Disabled]

9/18 Tests Sucessful               


================================================================================

[#] 142578 IPs (+0) -- 1590 Ranges Banned (+0) ||  Inbound --  Outbound Connect]
admin@RT-AC68U-1340:/tmp/home/root#

Sent from my SM-A505U1 using Tapatalk

 

[Adamm]

First log from command here. It just failed today as I checked how do I get sys log info?

--------------------                | ----------
| Test Description |                | | Result |
--------------------                | ----------

Internet-Connectivity               | [Passed]
Write Permission                    | [Passed]
Firewall-Start Entry                | [Passed]
Services-Stop Entry                 | [Passed]
SWAP                                | [Passed]
Cron Jobs                           | [Failed]
IPSet Comment Support               | [Passed]
Log Level 5 Settings                | [Passed]
Duplicate Rules In RAW              | [Passed]
Inbound Filter Rules                | [Failed]
Inbound Logging Rules               | [Failed]
Outbound Filter Rules               | [Failed]
Outbound Logging Rules              | [Failed]
Whitelist IPSet                     | [Failed]
BlockedRanges IPSet                 | [Failed]
Blacklist IPSet                     | [Failed]
Skynet IPSet                        | [Failed]
Diversion Plus Content              | [Passed]


-----------                         | ----------
| Setting |                         | | Status |
----------                          | ----------

Skynet Auto-Updates                 | [Disabled]
Malware List Auto-Updates           | [Disabled]
Logging                             | [Disabled]
Filter Traffic                      | [Selective]
Unban PrivateIP                     | [Disabled]
Log Invalid                         | [Disabled]
Ban AiProtect                       | [Disabled]
Secure Mode                         | [Disabled]
Fast Switch                         | [Disabled]
Syslog Location                     | [Custom]
IOT Blocking                        | [Disabled]
Country Lookup For Stats            | [Disabled]
CDN Whitelisting                    | [Disabled]

9/18 Tests Sucessful              


================================================================================

[#] 142578 IPs (+0) -- 1590 Ranges Banned (+0) ||  Inbound --  Outbound Connect]
admin@RT-AC68U-1340:/tmp/home/root#

Sent from my SM-A505U1 using Tapatalk

Please also post the top part of the "debug info" output as its important. You can find your syslog in the WebUI under the "System Log" tab.

 

[randomName]

@Adamm Confirmed, it's not Skynet

 

[skeal]

Hey people just wondering about something, I'm getting pounded by IP's from Russia Federation they account for about 350 drops per hour, anyone else seeing this. I'm using no added blocking like country block or anything like that and have no special lists. This has been going on for about two weeks. Some hours are logging as many as 1000 incoming hits. I have zero outgoing problems. Any information is appreciated in advance. Thanks @Adamm the script is blocking like crazy.

 

[Butterfly Bones]

Hey people just wondering about something, I'm getting pounded by IP's from Russia Federation they account for about 350 drops per hour, anyone else seeing this. I'm using no added blocking like country block or anything like that and have no special lists. This has been going on for about two weeks. Some hours are logging as many as 1000 incoming hits. I have zero outgoing problems. Any information is appreciated in advance. Thanks @Adamm the script is blocking like crazy.

No, mine runs 250-300 / hour scanning back a couple days. I do block about 8 countries. Sometimes up to ~500 / hour, but not like the bombardment hitting you.

 

[skeal]

No, mine runs 250-300 / hour scanning back a couple days. I do block about 8 countries. Sometimes up to ~500 / hour, but not like the bombardment hitting you.

Yeah I get easily 400 total an hour. I just wonder what have I done to bring this on? Or is this just random stuff? I usually see 250 to 300 and hour. Now like I say about 400 to 500 per hour with an occasional spike. 80% of my blocked traffic is from Russia Federation.

 

[Butterfly Bones]

Yeah I get easily 400 total an hour. I just wonder what have I done to bring this on? Or is this just random stuff? I usually see 250 to 300 and hour. Now like I say about 400 to 500 per hour with an occasional spike. 80% of my blocked traffic is from Russia Federation.

When I started with Skynet, all those blocks got me concerned. I tried hard to get a new WAN IP. a few times, made no difference. I know now that it is my well known ISP (Spectrum) being targeted, since most home users have no clue, sadly. I see more hits in summer when idle hands have more time to play.

Welcome to the modern Internet, thank goodness for Skynet and other add-on scripts for Asuswrt-Merlin!

 

[Kingp1n]

Yeah I get easily 400 total an hour. I just wonder what have I done to bring this on? Or is this just random stuff? I usually see 250 to 300 and hour. Now like I say about 400 to 500 per hour with an occasional spike. 80% of my blocked traffic is from Russia Federation.

Where can check this?

 

[skeal]

Where can check this?

Using the syslog and Skynet's own stats. You have to have logging enabled, and it helps to reset stats, if you are after certain specifics.

 

[CaptainSTX]

Since Dec 22nd I have blocked 8,669 IP hits from Russia. Russia accounts for five of my top ten. I have Russia setup as a banned country. The Netherlands also contributes more than its fair share of hits also.

 

[skeal]

Since Dec 22nd I have blocked 8,669 IP hits from Russia. Russia accounts for five of my top ten. I have Russia setup as a banned country. The Netherlands also contributes more than its fair share of hits also.

What do you use for a country code for Russia Fed?

 

[Butterfly Bones]

What do you use for a country code for Russia Fed?

RU
https://www.ipdeny.com/ipblocks/

I use

Banned Countries; bg br cn ir kp ro rs ru tr ua

 

[QuikSilver]

RU
https://www.ipdeny.com/ipblocks/

I use

Banned Countries; bg br cn ir kp ro rs ru tr ua

I use a few more....

cn, ru, iq, ir, in, il, jp, kp, kr, lv, ma, mn, pk, af, cs, sl, sa, su, ae, ua, hk, ge, eg, cz, al, vn, eu, pe, by, id, jo, kz, lt

 

[skeal]

RU
https://www.ipdeny.com/ipblocks/

I use

Banned Countries; bg br cn ir kp ro rs ru tr ua

I concur those ones seem to be my biggest offenders as well, thanks for the list of codes and the site link.

 

[CaptainSTX]

What do you use for a country code for Russia Fed?

Here are the countries I have banned based on frequency of hits or figuring nothing good can come from them. Greece is banned for other reasons. For obvious reason can't ban US since that is the country where I reside but there are some bad actors here also.

af,bg,br,bz,cn,cz,ee,ge,gr,iq,ir,kp,lv,md,mk,ng,nl,pl,ro,ru,ve

 

[Butterfly Bones]

I concur those ones seem to be my biggest offenders as well, thanks for the list of codes and the site link.

Thank Adamm, I just saved an earlier post of his for reference and pasted the link here.
https://www.snbforums.com/threads/r...urity-enhancements.16798/page-145#post-418800