Skynet Skynet - Router Firewall & Security Enhancements

[L&LD]

Enable HDD Hibernation is not needed for flash or SSD based drives.

 

[Chewie420]

You can also create a new file in /jffs called "shared-xbox-whitelist" then paste the entries above to it save and reboot.

Thanks you so much for this but I am not quite sure how to create that file, could I get further instructions? Sorry for such a basic question, I'd just rather not add them one at a time.

Update: Ok I can now create files in /jiffs just not exactly sure where to create the file called shared-xbox-shirtelist.

 

[CriticJay]

@JT Strickland
If you click on the following link you should get a malicious site warning and your stats will go up:

http://wrs49.winshipway.com

Wait... even my phone blocks that site when Wi-Fi is turned off and it's running on an LTE data connection... what's going on?

wrs49.winshipway.com/
Category: 74(Spyware)
WTP Score: 49(Dangerous)
Credibility: 1(Dangerous) [Obsoleted]
By CoreTech WRS team (AllofTWWRSOPSTeam@dl.trendmicro.com)

 

[faria]

Thanks you so much for this but I am not quite sure how to create that file, could I get further instructions? Sorry for such a basic question, I'd just rather not add them one at a time.

Update: Ok I can now create files in /jiffs just not exactly sure where to create the file called shared-xbox-shirtelist.

Thanks you so much for this but I am not quite sure how to create that file, could I get further instructions? Sorry for such a basic question, I'd just rather not add them one at a time.

Update: Ok I can now create files in /jiffs just not exactly sure where to create the file called shared-xbox-shirtelist.

put the file on "/jffs/addons/shared-whitelists/" as the old instructions are deprecated .

 

[L&LD]

@CriticJay did you flush the cache/restart the browser on the phone to test too?

 

[Ubimo]

URLhaus, cracked 200,000 malware URLs tracked. The majority of the malware sites tracked by URLhaus are related to Emotet (aka Heodo), followed by Mirai, Gayfgyt and Gozi ISFB (aka Ursnif). But there are many other threats being tracked with the help of the infosec community. There are several ways how to utilize the data generated by the community to protect your network and users.

The URLhaus RPZ gets updated every 5 minutes and excludes the Alexa Top 1M sites to reduce the amount of false positives."

How can I add this to Skynet ban malwarelist?

 

[Adamm]

How can I add this to Skynet ban malwarelist?

Skynet is an IP based blocking solution, for DNS based lists you are better off using something like Diversion.

 

[CriticJay]

@CriticJay did you flush the cache/restart the browser on the phone to test too?

Yes! Can you please try to access that URL from a phone or device not connected to WiFi, or using a non-Asus "dumb" router and let me know what you get (if you're willing)?

 

[L&LD]

@CriticJay, I turned off WiFi on my android phone and clicked on the link in post 6826 above and got exactly what you've posted too.

Note 10 running the latest official firmware Android version 10 with One UI version 2.0 and Security update dated March 31, 2020.

Is this an ISP 'protection' or something similar?

 

[CriticJay]

@CriticJay, I turned off WiFi on my android phone and clicked on the link in post 6826 above and got exactly what you've posted too.

Note 10 running the latest official firmware Android version 10 with One UI version 2.0 and Security update dated March 31, 2020.

Is this an ISP 'protection' or something similar?

Thanks for double-checking my test

Yes, at this point, I think that is the only likely explanation

 

[Dudemanyea]

I banned countries RU and CN but when I am still able to open websites hosted in those countries. Am I misunderstanding the country ban?

 

[martinr]

I banned countries RU and CN but when I am still able to open websites hosted in those countries. Am I misunderstanding the country ban?

Are they websites you visited before and are still cached in your browser’s cache? Have you tested with a domain you have never visited before?

 

[Yota]

I recently discovered that some people is using remote access SSH to install scripts, so turning off SSH remote access may shut them out.

My script uses the following commands to check, you can use it if you want.

if [ -n "$SSH_CLIENT" ]; then
   cltipaddr="$(echo "$SSH_CLIENT" | awk '{print $1}')"
   if [ "$(ip neigh 2>/dev/null | awk '{print $1}' | grep -cw $cltipaddr)" -eq "0" ]; then
       REMOTE_ACCESS="1"
   fi
fi

And thank you for your scripts, which brought me a lot of new ideas.

 

[Centrifuge]

I banned countries RU and CN but when I am still able to open websites hosted in those countries. Am I misunderstanding the country ban?

Could be there stuff is distributed to other server farms in other countries.

 

[Dudemanyea]

Are they websites you visited before and are still cached in your browser’s cache? Have you tested with a domain you have never visited before?

New sites I've never visited. Also tried using incognito. Was able to get to the sites.

 

[Dudemanyea]

Could be there stuff is distributed to other server farms in other countries.

I think you nailed it, I tried several sites and there were a few that wouldn't load.

 

[juched]

Skynet is an IP based blocking solution, for DNS based lists you are better off using something like Diversion.

Response Policy Zone (RPZ) can also do Reponse IP filtering so that if a DNS is to respond with a blacklisted IP then the DNS request is blocked.

Kinda neat. This is what the The URLHaus feed provides as well.

But correct, this is not an IP based list. Many levels of security can be added together.

 

[AntonK]

Today, I turned off AIProtection on my router. I am not running QoS or any other features that require acceptance of TrendMicro's privacy policies (no, I'm not paranoid, I just turned off AIProtection and Withdrew my acceptance of their policies).

Anyways, this immediately zeroed-out and made unavailable Skynet stats. I didn't dig any further to see if Skynet was still running.

I turned AIProtection back on, accepted the privacy policies, and all was ok again with Skynet.

I turned OFF AIProtection, but didn't Withdraw my acceptance of TrendMicro's policies. So, I can turn off and on AIProtection, and Skynet stats still work fine, as long as I don't Withdraw acceptance of TrendMicro's privacy policies. Why is that?

Thanks,
Anton

 

[dave14305]

Today, I turned off AIProtection on my router. I am not running QoS or any other features that require acceptance of TrendMicro's privacy policies (no, I'm not paranoid, I just turned off AIProtection and Withdrew my acceptance of their policies).

Anyways, this immediately zeroed-out and made unavailable Skynet stats. I didn't dig any further to see if Skynet was still running.

I turned AIProtection back on, accepted the privacy policies, and all was ok again with Skynet.

I turned OFF AIProtection, but didn't Withdraw my acceptance of TrendMicro's policies. So, I can turn off and on AIProtection, and Skynet stats still work fine, as long as I don't Withdraw acceptance of TrendMicro's privacy policies. Why is that?

Thanks,
Anton

Withdrawing consent triggers a reboot, if I remember correctly, wiping out stats in memory or tmpfs filesystems.

 

[TheLyppardMan]

I noticed today that there is an option to add AiProtection to Skynet. Is there any advantage in doing that?