Skynet Skynet - Router Firewall & Security Enhancements

[dave14305]

I see Adamm just updated Skynet and removed the +hosts?
After updating Skynet, do we have to update anything else? (ban malwarelist, etc.)

You could go into Diversion and disable Plus hosts, but only if you want to.

 

[thelonelycoder]

I see Adamm just updated Skynet and removed the +hosts?
After updating Skynet, do we have to update anything else? (ban malwarelist, etc.)

You could go into Diversion and disable Plus hosts, but only if you want to.

The upcoming Diversion update will take care of that.

 

[Ubimo]

After the update today, I get this:

Select Option:
[1]  --> Update
[2]  --> Change Filter List
[3]  --> Reset Filter List
[4]  --> Exclude Individual Lists
[5]  --> Reset Exclusion List

[1-5]: 1

[$] /jffs/scripts/firewall banmalware


=============================================================================================================


[i] Custom Filter Detected: https://pastebin.com/raw/yRDDqXg5
[i] Downloading filter.list         | [1s]
[i] Refreshing Whitelists           | [34s]
[i] Consolidating Blacklist         | [356s]
[i] Filtering IPv4 Addresses        | [18s]
[i] Filtering IPv4 Ranges           | [2s]
[i] Applying New Blacklist          | [37s]
[i] Refreshing AiProtect Bans       | kill: can't kill pid 8840: No such process
[0s]
[i] Saving Changes                  | [13s]

[i] For Whitelisting Assistance -
[i] https://www.snbforums.com/threads/release-skynet-router-firewall-security-enhancements.16798/#post-115872


=============================================================================================================


[#] 330425 IPs (+619) -- 2203 Ranges Banned (+42) || 400 Inbound -- 18 Outbound Connections Blocked! [banmalware] [466s]

Since then, I also can't open two websites any more. Investigating...
Edit:
I think it has to do with unbound...

 

[Adamm]

kill: can't kill pid 8840: No such process

You can safely ignore that error, its due to Skynet failing to kill the "spinner process". I assume its related somehow to your overly excessive blacklist and whitelist for that matter taking significantly longer to process then the default.

Since then, I also can't open two websites any more. Investigating...

Completely unrelated, Skynet logs every connection it drops, there is never an exception to this rule.

 

[Adamm]

What is Fast Switch List option ?

A fast method to switch between malware blacklists.

 

[Mutzli]

Since Diversion was updated is there still a link to a shared whitelist? I get an error when updating - No such file or directory.

 

[Adamm]

Since Diversion was updated is there still a link to a shared whitelist? I get an error when updating - No such file or directory.
View attachment 22319

That indicates your swap file is missing (or at-least the value that was saved in your cfg file)

 

[Mutzli]

Strange, all worked before the update of diversion. Swap is okay. Should I recreate the swap file?

 

[Adamm]

Strange, all worked before the update of diversion. Swap is okay. Should I recreate the swap file?

If you restart Skynet can you reproduce the error?

 

[Mutzli]

Restart Skynet didn't help. Creating a new entry in the whitelist also didn't solve it.

 

[Adamm]

Restart Skynet didn't help. Creating a new entry in the whitelist also didn't solve it.

There is an issue with your SWAP file, try uninstall then recreate it (you may have to disable other addons to free up ram).

 

[Mutzli]

There is an issue with your SWAP file, try uninstall then recreate it (you may have to disable other addons to free up ram).

That did the trick.

 

[Adamm]

I've pushed v7.1.5

Remove diversion "plus host" functionality
Add monitoring from date to WebUI
Improve Private IP Regex (thanks @wbartels)

 

[5stringdeath]

I understand what the Status "Online" and "Inactive" mean, but what is "DELAY" - the particular device is my phone and is online, should be "Online" by all accounts.

Firestick                                | 192.168.1.4      | redacted    | Online
G-Pixel-3                                | 192.168.1.5      | redacted    | DELAY
BlackPad                                 | 192.168.1.8      | redacted    | Inactive

 

[Lord Lovaduck]

Definitely not. I bought it unused from internet shop and never touched CFE. If i would, i would not have a problem telling it here. Why my router has 1.0.3 CFE out of the box i have no idea. Screenshot of my router System Information screen:
https://drive.google.com/open?id=1WXclexDz-5t63_FhUBanwL-FbugDA3Hk

Removed Skynet, did a full reboot of router, reinstalled it back and it's working now. I will monitor it for a while.

I had the same issue on my AC68U (384.16 beta 2 - bl_version=1.0.2.1).
Pirx73, your bypass (uninstall, reboot a few times) worked for me too!!! Thanks for posting it!
Is there any issue with CFE 1.0.2.1? Or is there a required CFE level for this, @L&LD ?
Thanks!

 

[pirx73]

CFE to my understanding is a "BIOS" of our router. I remember when i had RT-N66U upgrading CFE was a way to rise CPU frequency, overclock it.
Not sure about AC68. And since ASUS does not publish CFE release notes we have no idea what changes CFE versions have unless someone does disassembly of code and tells others.
CFE is also related to different HW revisions. Also upgrading CFE is quite dangerous because you can brick your router permanently. ASUS does not support it officialy. Here on forums you can find upgrade instructions though.
CFE should not affect workings of the scripts. Maybe i am wrong...

 

[Adamm]

I understand what the Status "Online" and "Inactive" mean, but what is "DELAY" - the particular device is my phone and is online, should be "Online" by all accounts.

Firestick                                | 192.168.1.4      | redacted    | Online
G-Pixel-3                                | 192.168.1.5      | redacted    | DELAY
BlackPad                                 | 192.168.1.8      | redacted    | Inactive

Delay is status output from the ip neigh command, as per the man page;

DELAY– signifies that the kernel is still waiting for validation from the stale entry

 

[JT Strickland]

Can anyone tell me if there are any adverse effects to running Aiprotection along with Skynet, other than the privacy issues with trend micro?
I had held off because of potential performance issues, but the privacy bubble burst when I briefly turned on QoS, and I am trying to decide what to do.
Seems like, at least now, the potential benefits outweigh the consequences.
tia,
jts

 

[Adamm]

Can anyone tell me if there are any adverse effects to running Aiprotection along with Skynet, other than the privacy issues with trend micro?
I had held off because of potential performance issues, but the privacy bubble burst when I briefly turned on QoS, and I am trying to decide what to do.
Seems like, at least now, the potential benefits outweigh the consequences.
tia,
jts

No adverse effects, I've happily run both for years now without any downside. Don't believe the hype surrounding "privacy concerns"

 

[JT Strickland]

No adverse effects, I've happily run both for years now without any downside. Don't believe the hype surrounding "privacy concerns"

OK, thanks, I'm all in now. It looks like "ban aiprotection" is turned on in my copy of Skynet. I took the default with AiProtection and left them all on for now because I haven't researched it that far yet. So far, runner and flow cache are still up, but probably will loose runner.
thanks again.