Skynet - Router Firewall & Security Enhancements

Me, too. The lockfile message clears within the 2 minutes, as per the message, and the horizontal histogram for Inbound blocks is now being displayed again.

Thank you, Adam.
 
Thanks.

Now getting country info both in Skynet/AMTM and in the Chart Info on the Skynet TAB.

Even if you can't get the country info consistently it is still worth being able to get it occasionally just to see if there are any other countries to add to the ban list. Can do it manually by looking up the IP but it is so much more convenient to have the country name.

Thanks again!!!!
 
what is this, and how can i stop it from happening.
i just replaced my usb stick with a faster one, so had to
reinstall: diversion, skynet uidivstats entware swap1g
everything seems fine, but i keep getting these notices :confused:

Code:
Mar 13 11:38:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=185.209.0.17 DST=96.000.000.214 LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=42605 PROTO=TCP SPT=43510 DPT=8392 SEQ=1669155955 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:38:48 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=89.248.162.161 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=26484 PROTO=TCP SPT=53243 DPT=3403 SEQ=2627117289 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=185.176.27.86 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28880 PROTO=TCP SPT=56238 DPT=47115 SEQ=1637548557 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=45.136.110.227 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=21069 PROTO=TCP SPT=57564 DPT=12770 SEQ=2500766073 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:21 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=45.136.110.227 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=25481 PROTO=TCP SPT=57564 DPT=11884 SEQ=2347140915 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:34 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=138.197.12.187 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42847 DPT=17 SEQ=4058799032 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=92.63.196.8 DST=96.000.000.214 LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=23717 PROTO=TCP SPT=59813 DPT=37095 SEQ=616760980 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:52 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=185.176.27.38 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9310 PROTO=TCP SPT=56242 DPT=17547 SEQ=3651774979 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:56 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=176.113.115.53 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=9163 PROTO=TCP SPT=56241 DPT=15585 SEQ=3766081020 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:57 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=49.128.174.248 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=24030 PROTO=TCP SPT=57454 DPT=445 SEQ=2787219125 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:39:58 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=176.113.115.53 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18227 PROTO=TCP SPT=56241 DPT=59829 SEQ=2704827472 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:40:03 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=185.156.73.65 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35667 PROTO=TCP SPT=51557 DPT=5288 SEQ=3316798765 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:40:12 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=45.136.110.227 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=59021 PROTO=TCP SPT=57564 DPT=12876 SEQ=2654608919 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
Mar 13 11:41:06 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=bc:xx:xx:xx:xx:xx:xx:b5:2f:08:11:c2:08:00 SRC=45.136.110.227 DST=96.000.000.214 LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=11543 PROTO=TCP SPT=57564 DPT=11297 SEQ=3178941408 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x83840070
 
You can disable logging in the settings menu but you will lose out on stats functionality.
 
thanks, i just did that and the "blocked" notices stopped.
uidivstats gui Addons seems to continue to work,
so what am i actually missing out on?

Code:
Mar 13 12:17:21 Skynet: [*] WebUI Integration Requires Logging To Be Enabled
Mar 13 12:17:23 Skynet: [#] 149283 IPs (-1) -- 1844 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [88s]
 
uidivstats is for Diversion, this feature is for Skynet stats.
 
thanks for that clarification.

it would be cool if skynet reported a page in uidivstats instead of notices.
that way we could see which are the top 15 ip's "attacking" our routers,
instead of endless pages of notices that few bother to pay attention to.
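
The per-source summary asked for above can be produced from the same `[BLOCKED - INBOUND]` kernel lines by counting hits and distinct destination ports per `SRC=`. This is an added example, not part of the thread and not Skynet's own code; the sample log lines are constructed (documentation addresses) and `top_blocked` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample syslog lines (documentation addresses, not from the thread).
sample_log() {
cat <<'EOF'
Mar 13 11:38:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=43510 DPT=8392 SYN URGP=0
Mar 13 11:38:48 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=53243 DPT=445 SYN URGP=0
Mar 13 11:39:20 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=43510 DPT=12770 SYN URGP=0
Mar 13 11:39:21 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=43510 DPT=8392 SYN URGP=0
Mar 13 11:39:30 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.99 LEN=60 PROTO=TCP SPT=40000 DPT=443 SYN URGP=0
Mar 13 11:40:00 dnsmasq[123]: unrelated line that must be ignored
EOF
}

# top_blocked DIRECTION [N]  (hypothetical helper)
# Reads syslog text on stdin and prints "hits distinct_ports src_ip" for the
# N busiest sources (default 15), most hits first. DIRECTION is INBOUND or
# OUTBOUND, matching the tag in the log prefix.
top_blocked() {
    awk -v tag="[BLOCKED - $1]" '
        index($0, tag) {                      # literal match, no regex escaping
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next               # malformed line: skip it
            hits[src]++
            if (dpt != "" && !((src, dpt) in seen)) {
                seen[src, dpt] = 1            # count each port once per source
                ports[src]++
            }
        }
        END { for (s in hits) print hits[s], ports[s] + 0, s }
    ' | sort -k1,1nr -k3,3 | head -n "${2:-15}"
}

# Stand-alone run over the constructed sample.
sample_log | top_blocked INBOUND 15
```

A source with many hits spread over many distinct ports is a port scan; many hits on one port is a repeated probe of a single service.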
 
What do you mean, with logging enabled Skynet does have its own stats page?
 
Skynet has its own stats page on the Firewall tab that will tell you exactly what you’ve asked for. Not sure if it’s there by default.

But it’s been “cool” for many months.
 
Skynet has its own stats page on the Firewall tab.

personally, i've never seen it display, so figured why bother keeping logging enabled.

ok, so i reenabled logging, and checked and see "display webui" is enabled
so i'll restart my router and see if maybe that skynet tab shows up on firewall.
ok, i see it now, sorry to bother you guys.
still wish i could stop those blocked notices from showing up, but whatever...

Code:
Skynet Statistics
 Last Updated - 01:07:28 PM (118.0KB)
 Key Stats (click to expand/collapse)
IPs Banned    Ranges Banned    Inbound Blocks    Outbound Blocks
149283        1844             0                 0

i'll just set under system.log -general log;
Default message log level = notice
Log only messages more urgent than = warning

and hope i don't miss anything important.
 
personally, i've never seen it display, so figured why bother keeping logging enabled.
Maybe you have to select it rather than it appears by default; it’s been so long that I can’t remember. I’ll do a quick search and see if I can find out.
 
Personally, having Skynet logging is essential to me. Without it, I can only imagine hours of head scratching.
 
still wish i could stop those blocked notices from showing up, but whatever...
Not sure you noticed, and didn't see anyone else mention in replies.... Skynet has a cron job that removes all those "blocked" notices every hour, replacing them with a single line. So at most, there is "one hour's worth" of those messages at any given time, and they get cleaned out of syslog at the top of every hour.
 
still wish i could stop those blocked notices from showing up, but whatever....

I would also like to see this happen, and I have done so a few pages before. And I would like to use the Skynet statistics but it obviously can't be done any other way without the (sorry) constant 'spam messages' in the log. Too bad that in order to avoid this now extra one more script must be installed. As I said, I too would like to see statistics without news in the syslog!

:)
 
So, you want to have your cake and eat it too? Actually, all scribe does is install syslog-ng and logrotate from Entware. logrotate is not in memory all the time, it only runs once a day by default, and syslog-ng replaces syslogd and klogd in memory. EDIT: I'm not home so I can't check, but I'd think syslog-ng is not a huge amount more memory than syslogd + klogd. syslog-ng is ~8 times larger, 3K on my system for syslog+klogd, 24K for syslogd + its supervisor daemon, so actually quite a bit more memory. If all you really want is separating the Skynet messages out, once you set up syslog-ng you should only ever need to run scribe when Entware releases a new syslog-ng version, to fix anything dumb syslog-ng did.
 
Syslog-ng with default configs takes ~300m on my AX88U.