Skynet Skynet - Router Firewall & Security Enhancements

[skeal]

it doesn't work on Ext3 or Ext4. The message is that it cannot find the partition... even if Skynet is finding the USB during the installation process, at a later stage quits saying it cannot find partition.

Anyway, I think I will give up having Skynet on USB, and I will install it on JFFS (even if RMerlin doesn't recomment that https://github.com/RMerl/asuswrt-merlin/wiki/JFFS). I will keep it on JFFS for a while, under observation.

You need to format that usb in a more reliable way. I"ve been using ext4 for a while now and it basically cured my usb drive corruption problems. The usb drive first has to support ext4 in the first place. If not you get a false positive even from a linux box.

 

[2992]

You need to format that usb in a more reliable way. I"ve been using ext4 for a while now and it basically cured my usb drive corruption problems. The usb drive first has to support ext4 in the first place. If not you get a false positive even from a linux box.

What/how do you mean in a more reliable way?
I've tried 3 USBs I have in EXT4 already, none is working:

Looking For Available Partitions...
No Compadible Partitions Found. Exiting...

I've formated them in Linux.

 

[skeal]

What/how do you mean in a more reliable way?
I've tried 3 USBs I have in EXT4 already, none is working:

Looking For Available Partitions...
No Compadible Partitions Found. Exiting...

I've formated them in Linux.

What I mean is...I tried this as well and got false positives from a linux box. It would say format complete but wouldn't work anywhere else. What I suggest is if your having no luck with the router and linux box install a mini Partition manager and do it on a windows machine. I used a mini partition manager and it will only give you format options based on the drives capabilities.
EDIT: EaseUS Partion Wizard great windows program. Free.

 

[Adamm]

Does anyone have a suggestion for IP lists that are a little less aggressive?

I just install skynet and have ran across a couple sites that I had to whitelist. It's not a huge deal if I run across them but it is a huge pain if I am going to have to whitelist multiple sites a day for each person in my family.

Generally I find after whitelisting the first few false positives you can sit back and almost forget about it.

But if it does become an issue, I suggest you start using the following command to find what lists are causing you the most issues frequently.

sh /jffs/scripts/firewall stats search malware xxx.xxxx.xxx.xxx

This command will show you every list the IP appears on. If you happen to find a list that is showing a high rate of false positives, let me know and I'll definitely consider removing it.

The other option is also to host your own filter.list on a site like pastebin raw with the lists removed that suits your needs, then just run the banmalware command manually with the custom list argument.

 

[Adamm]

What/how do you mean in a more reliable way?
I've tried 3 USBs I have in EXT4 already, none is working:

Looking For Available Partitions...
No Compadible Partitions Found. Exiting...

I've formated them in Linux.

Definitely is the process you are using to format them, Skynet uses the same code AB-Solution and entware do to detect USB devices by searching "/bin/mount".

For proof here's the output showing my EXT4 USB..

admin@RT-AC68U-EE20:/tmp/home/root# /bin/mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro,relatime)
devtmpfs on /dev type devtmpfs (rw,relatime,size=127748k,nr_inodes=31937,mode=755)
proc on /proc type proc (rw,relatime)
tmpfs on /tmp type tmpfs (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
/dev/mtdblock4 on /jffs type jffs2 (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw,relatime)
/dev/sda1 on /tmp/mnt/Main type ext4 (rw,nodev,relatime,user_xattr,barrier=1,data=ordered)

I suggest using one of the windows programs above that I and @skeal listed. Both work great.

 

[Protik]

Ok I can confirm the behavior that @2992 is reporting.

After a manual reboot from the command line, it seemed like the router was not rebooted properly. The wifi was not connecting, could not ssh etc. So turned off and then on the router using the on/off switch. After the restart, skynet was showing

Nov 10 22:35:22 Skynet: [Complete] 0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [35s]

After a manual installation of banmalware, the number was finite again. But after a reboot it all went back to zero.

My USB is formatted to ext2 format. I believe any manual restart using the physical on/off switch corrupts the skynet files if the USB is ext2 format. I will try to reformat the USB to ext4 and see if that helps.

 

[Adamm]

Ok I can confirm the behavior that @2992 is reporting.

After a manual reboot from the command line, it seemed like the router was not rebooted properly. The wifi was not connecting, could not ssh etc. So turned off and then on the router using the on/off switch. After the restart, skynet was showing

Nov 10 22:35:22 Skynet: [Complete] 0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [35s]

After a manual installation of banmalware, the number was finite again. But after a reboot it all went back to zero.

My USB is formatted to ext2 format. I believe any manual restart using the physical on/off switch corrupts the skynet files if the USB is ext2 format. I will try to reformat the USB to ext4 and see if that helps.

Try v5.5.3.. This could be due to slower USB devices mounting, this may have fixed the issue.

@2992

 

[2992]

Ok I can confirm the behavior that @2992 is reporting.

After a manual reboot from the command line, it seemed like the router was not rebooted properly. The wifi was not connecting, could not ssh etc. So turned off and then on the router using the on/off switch. After the restart, skynet was showing

Nov 10 22:35:22 Skynet: [Complete] 0 IPs / 0 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [35s]

After a manual installation of banmalware, the number was finite again. But after a reboot it all went back to zero.

My USB is formatted to ext2 format. I believe any manual restart using the physical on/off switch corrupts the skynet files if the USB is ext2 format. I will try to reformat the USB to ext4 and see if that helps.

Now that you are saying, I can recall that I've start encountering these issues since about I've start using reboot command in terminal.

I've used that EasyUS s/w in Windows, and seemingly for none of my USBs I have the EXT4 option. I only have EXT2 and EXT3.
So, I've formatted again one of the USBs to EXT2, and I will try again now. Later, I'll try with EXT3.

 

[Adamm]

Now that you are saying, I can recall that I've start encountering these issues since about I've start using reboot command in terminal.

I've used that EasyUS s/w in Windows, and seemingly for none of my USBs I have the EXT4 option. I only have EXT2 and EXT3.
So, I've formatted again one of the USBs to EXT2, and I will try again now. Later, I'll try with EXT3.

Updating to 5.5.3 should fix the issue, I believe it was caused by slow mounting devices.

 

[2992]

Updating to 5.5.3 should fix the issue, I believe it was caused by slow mounting devices.

So far, so good...
I've installed Skynet, then rebooted from Router WebIF, then:

Nov 11 13:53:36 Skynet: [INFO] USB Not Found - Sleeping For 10 Seconds ( Attempt 2 Of 10 )
...
Nov 11 13:53:43 Skynet: [INFO] Lock File Detected (start banmalware autoupdate usb=/tmp/mnt/absEXT2) (pid=664) - Exiting
Nov 11 13:53:43 openvpn[890]: Initialization Sequence Completed
Nov 11 13:53:47 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate usb=/tmp/mnt/absEXT2 )
Nov 11 13:53:48 kernel: ip_set: protocol 6
Nov 11 13:54:07 Skynet: [Complete] 157771 IPs / 2476 Ranges Banned. 157771 New IPs / 2476 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [41s]
Nov 11 14:00:07 Skynet: [Complete] 157771 IPs / 2476 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [7s]
Nov 11 15:00:08 Skynet: [Complete] 157771 IPs / 2476 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked! [8s]

It's working fine so far. I'll keep it under observation, and will report back if I'll see something strange happening again. Thank you @Adamm!

 

[skeal]

Now that you are saying, I can recall that I've start encountering these issues since about I've start using reboot command in terminal.

I've used that EasyUS s/w in Windows, and seemingly for none of my USBs I have the EXT4 option. I only have EXT2 and EXT3.
So, I've formatted again one of the USBs to EXT2, and I will try again now. Later, I'll try with EXT3.

How old are your usb sticks and are they usb3 or usb2? I found that "sandisk cruzer fit" makes a reliable format to ext4.

 

[2992]

How old are your usb sticks and are they usb3 or usb2? I found that "sandisk cruzer fit" makes a reliable format to ext4.

USB2, they are not quite new, in fact, they are some few years old, PNY & Hama brands, 2Gb, 4Gb, 16Gb... I have several.
But I think they are ok, as I can run live Linux from them easily, and they have never failed so far - except here.

 

[skeal]

USB2, they are not quite new, in fact, they are some few years old, PNY & Hama brands, 2Gb, 4Gb, 16Gb... I have several.
But I think they are ok, as I can run live Linux from them easily, and they have never failed so far - except here.

Looks like none of your drives support ext4 file system....to old. I had the same problem. Spent 20$ and bought two new drives....boom....ext4 supported.

 

[2992]

Looks like none of your drives support ext4 file system....to old. I had the same problem. Spent 20$ and bought two new drives....boom....ext4 supported.

Given the fact that ABS recommends EXT2, I would like to stay with EXT2, until other format is recommended.
I think that the issue I have (had) here was not related to the format of the drives, but probably with their slow mounting time... (as Adamm has just found out)
Anyways, probably it's a good idea to get a new USB drive, just for the sake it's new and probably better/faster - however, I would at the same time like to make good use of the USBs I already have, and use them all the way until they cannot be used anymore. I do not like to fix (read replace) things which are not broken. Seemingly these USBs I have here are still doing ok (I think/hope).

 

[Protik]

Bug report: For enhanced traffic monitoring, I have fixed the IPs of the devices. I have two devices named Windows-Phone and S4 with IPs 192.168.2.12 and 192.168.2.123 respectively. Skynet gets confused between these devices and shows them in the stats page like:

Top 10 Blocked Devices (Outbound);
30x 192.168.2.12 Windows-Phone3 S4

I guess the grep operation needs to be refined.

 

[thelonelycoder]

Bug report: For enhanced traffic monitoring, I have fixed the IPs of the devices. I have two devices named Windows-Phone and S4 with IPs 192.168.2.12 and 192.168.2.123 respectively. Skynet gets confused between these devices and shows them in the stats page like:

Top 10 Blocked Devices (Outbound);
30x 192.168.2.12 Windows-Phone3 S4

I guess the grep operation needs to be refined.

I've had the same in the AB stats function. The grep needs a $ at the end of the term, or a space. That'll fix it.

 

[Adamm]

For enhanced traffic monitoring, I have fixed the IPs of the devices. I have two devices named Windows-Phone and S4 with IPs 192.168.2.12 and 192.168.2.123 respectively. Skynet gets confused between these devices and shows them in the stats page like:

Thanks, pushed a fix. There was a missing $ in a sed command. You will need to force update to apply it as there wasn't a version change.

 

[skeal]

@Adamm I just updated from 380.68_4 to the official 382.1 I did not do anything other than update my scripts before updating the router. Everything went great. No problems and no errors. All scripts running without reinstall. You are awesome!

 

[Protik]

It seems Skynet is blocking wordpress blogs like this one. I checked and AlienVault says it was previously malicious. Now I can whitelist it to go through, but will that be safe?

 

[thelonelycoder]

It seems Skynet is blocking wordpress blogs like this one. I checked and AlienVault says it was previously malicious. Now I can whitelist it to go through, but will that be safe?

That's safe unless you visit the one or two malicious subdomains that cause wordpress blogs to be banned.