Skynet Skynet - Router Firewall & Security Enhancements

[skeal]

@Adamm I have noticed since changing over to dns over https, that inbound bans are down by 50 to 60 an hour that's like over 1/3 of my inbound stats is this expected or....?

 

[hervon]

Updated my AC86U to new firmware with IPSet fixes. Running Skynet 5.7.2 without issue so far. Thanks both of you guys!

 

[XIII]

For AC86U users only, others shouldn't have any issues on the regular build.

I don't see this commit gdf4559d61 in the RMerl/asuswrt-merlin.ng repo, nor a pull request.

Is this from a private repo? If not, where can the source be seen?

Just curious (or overcautious?), I guess; I know both @john9527 and @Adamm are trustworthy members that offer a lot to this community (thanks guys!). Still I feel a little hesitant to install a binary from a OneDrive I have not visited before...

 

[Adamm]

I don't see this commit gdf4559d61 in the RMerl/asuswrt-merlin.ng repo, nor a pull request.

Is this from a private repo? If not, where can the source be seen?

Just curious (or overcautious?), I guess; I know both @john9527 and @Adamm are trustworthy members that offer a lot to this community (thanks guys!). Still I feel a little hesitant to install a binary from a OneDrive I have not visited before...

It was a build John put together on his local build env and sent the patches over to Merlin accordingly. They will be added whenever Merlin gets a chance and is able to fit it into the current release cycle, we simply put out an unofficial build and uploaded it on Johns personal OneDrive account for users sake as the issue was causing reboot loops. No one is forced to use it (and the only change is IPSet fyi), but for those who don't want to wait for the regular release cycle its there.

 

[hervon]

It was a build John put together on his local build env and sent the patches over to Merlin accordingly. They will be added whenever Merlin gets a chance and is able to fit it into the current release cycle, we simply put out an unofficial build and uploaded it on Johns personal OneDrive account for users sake as the issue was causing reboot loops. No one is forced to use it (and the only change is IPSet fyi), but for those who don't want to wait for the regular release cycle its there.

Currently using this built without issue. Thanks!

 

[XIII]

Installed the build as well, to do my small part of the community work.

Will report if I notice anything (though I'm quite new to SkyNet).

 

[Gingernut]

I was forced to uninstalled on a 86U just a few days back because of strange network drops and reboots, installed the test build plus latest Skynet and seems to be just fine now, thank you all very much.

 

[HardCat]

@Adamm, last night I updated to the latest build you and @john9527 provided and am very happy to report after having previously suffered the reboot problem, Skynet and my RT-AC86U are working very well now!

Thank You...

 

[Adamm]

I've pushed versions 5.7.3 & 5.7.4

Skynet will now refresh the IP's of manual domain ban/whitelist entries upon restart. What this means is lets say you ban the domain google.com which resolves to the IP 1.1.1.1 at the time of banning, but a few days later the website changes to the IP 2.2.2.2 , Skynet upon restart will re-lookup these domains and process them accordingly. This is a pretty edge case, but a feature I decided to add for long term continuity.

Beyond that, Skynet finally seems stable (and fast!) on the AC86U. Going forward I look to implement similar QOL ideas as speed is no longer a factor as this device and I assume future devices are significantly faster then previous models. For users looking to upgrade router models, the AC86U definitely doesn't disappoint when it comes to CPU/Wireless/VPN speed.

 

[Adamm]

@Adamm I have noticed since changing over to dns over https, that inbound bans are down by 50 to 60 an hour that's like over 1/3 of my inbound stats is this expected or....?

I'd say its purely a coincidence, or maybe the dark web decided to go easier on you this week and lay off the attacks

 

[DonnyJohnny]

Thanks updated...
For the start of 2018... the ddos/hacking activities are super heavy.
Ie Japan crypto exchange hacked, NL bank and tax agency ddosed, etc.
Even firehol ip block list also increased a lot.
Thanks to Skynet, I feel slightly safer.
At least we did our part, trying not to be part of the zombie Attack.

 

[hervon]

No issue so far with 5.7.4 along with fixed IPSet firmware. Thanks!

 

[SMS786]

@Adamm I have noticed since changing over to dns over https, that inbound bans are down by 50 to 60 an hour that's like over 1/3 of my inbound stats is this expected or....?

Dns over https...as in dnscrypt? Just curious..

 

[skeal]

Dns over https...as in dnscrypt? Just curious..

This is @Adamm's Skynet forum please search dnscrypt installer.

 

[JJQuin]

So I was following the AB-Solutions logs and I noticed the router sending and receiving packets to/from Trend Micro. These seem to be sent through the WAN interface. I can see it requesting trendmicro.com from the DNS servers' I have setup on the WAN page of the web interface.

I was wondering if the Asus/Trend Micro Malicious Web Site blocking did any kind of encryption on the packets sent and received from the Trend Micro's servers. I have all my traffic go through a VPN (except the router per Merlin's recommendation) and it would kind of defeat the purpose of the VPN if the router sent every website I visited to Trend Micro in the clear.

Is it safe to disable the AI Protection/Malicious Sites Blocking and just use Skynet? I know this question has probably been asked here before, but there are 95 pages and I wasn't able to find an answer by searching. If not is there a way I can make sure the packets the AI Protection is sending and receiving are encrypted or go through my VPN?

Any help with these questions would be appreciated.

 

[Adamm]

Is it safe to disable the AI Protection/Malicious Sites Blocking and just use Skynet? I know this question has probably been asked here before, but there are 95 pages and I wasn't able to find an answer by searching. If not is there a way I can make sure the packets the AI Protection is sending and receiving are encrypted or go through my VPN?

I'd keep AI Protection enabled, there's no real reason to disable it. I would assume all analytic data they send is anonymized and/or encrypted, you could try sniff the packets yourself as I would assume there's packages on entware capable of doing so.

 

[Adamm]

For AC86U users, Merlin has pushed the official test builds with the IPSet changes here, I suggest updating and reporting any bugs accordingly.

 

[SMS786]

This is @Adamm's Skynet forum please search dnscrypt installer.

Well familiar with it...just wanted to make sure that's what was being referred to.

 

[glehel]

Does anyone know what happened this time?
one after the other in syslog

Feb 3 02:00:06 Skynet: [Complete] 133777 IPs / 1827 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 441 Inbound / 13 Outbound Connections Blocked! [6s]
Feb 3 02:27:24 Skynet: [Complete] 113633 IPs / 1655 Ranges Banned. -20144 New IPs / -172 New Ranges Banned. 464 Inbound / 13 Outbound Connections Blocked! [144s]

 

[Adamm]

Does anyone know what happened this time?
one after the other in syslog

Feb 3 02:00:06 Skynet: [Complete] 133777 IPs / 1827 Ranges Banned. 0 New IPs / 0 New Ranges Banned. 441 Inbound / 13 Outbound Connections Blocked! [6s]
Feb 3 02:27:24 Skynet: [Complete] 113633 IPs / 1655 Ranges Banned. -20144 New IPs / -172 New Ranges Banned. 464 Inbound / 13 Outbound Connections Blocked! [144s]

The first entry is the hourly save/logging. The second is banmalware updating. These lists it sources from are dynamic and can vary in the amount of entries banned.