Skynet - Router Firewall & Security Enhancements

And how exactly do you remove these "white-spaces"? I tried every option in Notepad++ and it could not find any white-spaces.
If you open the file in something like 'Winhex' (A 'Hex Editor' +++) you can identify the trailing characters on each line.
You will then be able to 'Search & replace' them.
 
And how exactly do you remove these "white-spaces"? I tried every option in Notepad++ and it could not find any white-spaces.

Look for the option “remove trailing white spaces” in N++
 
Hi Adamm. Is there documentation for the Skynet features available under option 11? Some are in green, one is red and another is yellow. I'd just like to better understand what the options are.

thanks, Bj
 
I've pushed v6.8.3

Code:
Limit device name field to 40chars
Don't display invalid IPv6 entries in device list
 
Hi @Adamm, thanks for the great tool dude. Much appreciated.

Can this also be deployed on a VPS running Ubuntu or does it need to be modified?

Thanks!
 
It would need to be modified as a lot of features were designed around this firmware.
 
Hi there
I'm new to this and please excuse my bad English... but here is my question...
I just installed your firewall on my RT-AC3200 and got the picture that I am being attacked?

This is my log....

Mar 21 12:03:09 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=122.228.19.79 DST=87.245.81.108 LEN=44 TOS=0x00 PREC=0x00 TTL=106 ID=60514 PROTO=TCP SPT=12709 DPT=3690 SEQ=2561175240 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B4)
Mar 21 12:03:14 Skynet: [#] 162261 IPs (+0) -- 1742 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [28s]
Mar 21 12:03:38 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=193.106.31.194 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59614 PROTO=TCP SPT=57945 DPT=4042 SEQ=1176942200 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:03:59 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=81.22.45.231 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16926 PROTO=TCP SPT=55841 DPT=51615 SEQ=3207650029 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:04:47 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=185.143.221.198 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46107 PROTO=TCP SPT=47740 DPT=44000 SEQ=4207693463 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:04:48 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=193.106.31.194 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61607 PROTO=TCP SPT=57945 DPT=7709 SEQ=936230870 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:04:50 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=141.98.89.143 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=15692 PROTO=TCP SPT=40165 DPT=3271 SEQ=1702191335 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:05:21 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=185.211.245.157 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=3372 PROTO=TCP SPT=55089 DPT=2079 SEQ=1010979935 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:05:27 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=1c:b7:2c:84:c3:70:00:01:5c:99:76:46:08:00 SRC=185.143.221.198 DST=87.245.81.108 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51759 PROTO=TCP SPT=47740 DPT=59001 SEQ=611089722 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
and so on....

A look at the firewall over SSH gave this:

162261 IPs (+0) -- 1742 Ranges Banned (+0) || 99 Inbound -- 0 Outbound Connections Blocked!


So I got 99 attacks in a short time, or how should I understand this?
Thank you all for your great help!

ivi
 
Those logs are fine, Skynet is working as expected.
 
First thank you for your fast answer and help!


Meanwhile I get 2-3 entries per minute....



If this is "normal", does this mean this is a type of background Internet sough?

If yes, how can I stop the log from writing this?
Because if a log entry is written every 10 seconds, it only costs CPU and space for nothing....

Greetings ivi
 
Since I'm back from vacation, your best bet is to wait a week or so until I get over this cold and finish my installer for syslog-ng, which will include scripts to automatically move this stuff to its own file. I'm thinking about releasing a version that's feature-incomplete (no uninstaller for instance) rather than waiting for it to be 100% since this keeps coming up. :)

I thought I could wrap it up while on vacation, but alas, that didn't materialize, and the wife and I caught bad colds last Saturday, which has kept my brain too fuzzy to have a decent go at finishing it.
 
You are seeing those entries because debug mode is enabled; you can disable this in the menu (but you will lose stat functionality). But yes, that is internet background noise from bots scanning the web.
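Added example (not part of any post in this thread and not Skynet's own code): a per-source summary of `[BLOCKED - INBOUND]` lines in the format posted above, which makes scanner noise easy to recognise as a handful of sources sending bare SYNs to unrelated ports. The function names and the sample log are constructed for illustration and use documentation addresses.

```shell
#!/bin/sh
# Added example, not Skynet code. Summarises "[BLOCKED - INBOUND]" kernel
# log lines per source address. Input: syslog text on stdin.
# Output: "<src> <packets> <distinct_dst_ports> <syn_only yes|no>", sorted.
summarise_blocked() {
    awk '
    /\[BLOCKED - INBOUND\]/ {
        src = ""; dpt = ""; syn = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)      src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i == "SYN")  syn = 1   # bare flag token, not "ACK=0"
        }
        if (src == "") next
        hits[src]++
        if (!syn) nonsyn[src] = 1
        if (dpt != "" && !((src, dpt) in seen)) {
            seen[src, dpt] = 1
            ports[src]++
        }
    }
    END {
        for (s in hits)
            printf "%s %d %d %s\n", s, hits[s], ports[s], ((s in nonsyn) ? "no" : "yes")
    }' | sort
}

# Constructed sample log (not taken from a real router).
sample_log() {
    cat <<'EOF'
Mar 21 12:03:14 Skynet: [#] 150000 IPs (+0) -- 1700 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked!
Mar 21 12:03:38 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=243 PROTO=TCP SPT=57945 DPT=4042 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:04:48 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=243 PROTO=TCP SPT=57945 DPT=7709 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:04:50 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 LEN=40 TTL=245 PROTO=TCP SPT=40165 DPT=3271 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 21 12:05:02 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.9 DST=203.0.113.10 LEN=40 TTL=60 PROTO=TCP SPT=443 DPT=51000 ACK=77 WINDOW=512 RES=0x00 ACK URGP=0
Mar 21 12:05:27 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TTL=243 PROTO=TCP SPT=57945 DPT=4042 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarise_blocked
```

On a router, pipe the system log into `summarise_blocked` instead of the sample; the log path depends on the firmware and is not given in this thread.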
 
Wow, guys, this is impressive to me!

So much Sound and movement for nothing on the www!!!

Like rush hour in a crowded City...



I'm also impressed how fast and friendly this community is!

Adamm and cmkelly, you share your many, many hours of work with the community.

That's really large-hearted!


Since I'm back from vacation, your best bet is to wait a week or so until I get over this cold and finish my installer for syslog-ng, which will include scripts to automatically move this stuff to its own file. I'm thinking about releasing a version that's feature-incomplete (no uninstaller for instance) rather than waiting for it to be 100% since this keeps coming up.



I thought I could wrap it up while on vacation, but alas, that didn't materialize, and the wife and I caught bad colds last Saturday, which has kept my brain too fuzzy to have a decent go at finishing it.


I wish you good health and a fast recovery.



Greetings ivi
 
The banmalware update was not behaving as it usually does here since I updated to beta2, so I've been checking it for 2-3 days, and IPs and ranges only increased with each banmalware update, so it was at 212000-something IPs and almost 3000 ranges. So I tried restarting Skynet, and after that the router, and another banmalware update, then uninstalled Skynet and reinstalled, and now it looks more normal.
Don't know why it was like that... will keep an eye on it.
Mar 21 18:07:25 Skynet: [#] 158394 IPs (+0) -- 1641 Ranges Banned
(I have a cron job set for the updating: cru a SkynetBanUpdate "41 1-23/4 * * * sh /jffs/scripts/firewall banmalware")
 
Looks like it continues... anything I can try?
Code:
Mar 21 21:42:00 Skynet: [#] 159900 IPs (+1506) -- 1716 Ranges Banned (+75)
Mar 22 01:42:02 Skynet: [#] 161504 IPs (+1604) -- 1778 Ranges Banned (+62)
Mar 22 05:42:06 Skynet: [#] 163622 IPs (+2118) -- 1817 Ranges Banned (+39)
Mar 22 09:06 update to beta 3
Mar 22 09:42:08 Skynet: [#] 167732 IPs (+4110) -- 1860 Ranges Banned (+43)
Mar 22 11:15:54 Skynet: [#] 168369 IPs (+637) -- 1868 Ranges Banned (+8) (Manual update)
Mar 22 13:42:08 Skynet: [#] 169204 IPs (+835) -- 1914 Ranges Banned (+46)
Mar 22 17:42:14 Skynet: [#] 170834 IPs (+1630) -- 1979 Ranges Banned (+65)
USB check looks good, I guess.
Code:
Fri Mar 22 09:17:28 MET 2019 Starting 'e2fsck -p /dev/sda1'
 Zastoff: clean, 1377/3809280 files, 1058846/7613952 blocks
 
Thanks, I've pushed v6.8.4 with a fix.

Code:
Fix banmalware not removing stale entries with new comment format
 
AlienVault has been adding more IPs lately and not removing any for the last few days. Here is my complete Skynet banmalware update history March 10 - 22, the totals seem along the same as your more frequent updates though I did not do the math to confirm. o_O

Code:
Mar 10 07:12:24 Skynet: [#] 148708 IPs (-1810) -- 29099 Ranges Banned (-25)
Mar 11 02:25:27 Skynet: [#] 148266 IPs (-442) -- 29125 Ranges Banned (+26)
Mar 12 02:25:26 Skynet: [#] 158777 IPs (+10511) -- 29146 Ranges Banned (+21)
Mar 13 03:25:46 Skynet: [#] 159655 IPs (+878) -- 29202 Ranges Banned (+56)
Mar 14 08:25:18 Skynet: [#] 158930 IPs (-725) -- 29204 Ranges Banned (+2)
Mar 16 06:25:31 Skynet: [#] 162858 IPs (+3885) -- 29257 Ranges Banned (+58)
Mar 17 06:25:27 Skynet: [#] 167370 IPs (+4512) -- 29305 Ranges Banned (+48)
Mar 18 05:25:26 Skynet: [#] 171068 IPs (+3698) -- 29344 Ranges Banned (+39)
Mar 19 04:25:29 Skynet: [#] 186070 IPs (+15002) -- 29601 Ranges Banned (+257)
Mar 20 04:25:29 Skynet: [#] 197166 IPs (+11096) -- 29796 Ranges Banned (+195)
Mar 21 06:25:25 Skynet: [#] 208043 IPs (+10877) -- 30004 Ranges Banned (+208)
Mar 22 05:25:25 Skynet: [#] 217837 IPs (+9794) -- 30170 Ranges Banned (+166)
My ranges banned is very high due to my country bans.
Code:
Banned Countries; cn br ir ua ar iq th lv ru ro cl sa pk bg
 
Update and re-run banmalware; the issue should correct itself.
 
Thank you Adamm
Mar 22 18:36:01 Skynet: [#] 158003 IPs (-12831) -- 1688 Ranges Banned (-291) ;)
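Added example (not part of any post in this thread and not Skynet's own code): a check over the `Skynet: [#] ... IPs (...)` summary lines posted above that reports how many updates in a row only grew the list, the pattern that exposed the stale-entry bug fixed in v6.8.4. The function names and sample history are constructed, and every summary line in the input is treated as one list update.

```shell
#!/bin/sh
# Added example, not Skynet code. Reads syslog text on stdin and tracks the
# IP delta in each "Skynet: [#] <n> IPs (<delta>) ..." summary line.
# Output: "updates=<n> longest_growth_streak=<k> net_ip_change=<d>"
growth_streak() {
    awk '
    index($0, "Skynet: [#]") > 0 {
        total = ""; delta = ""
        for (i = 1; i < NF; i++) {
            if ($(i + 1) == "IPs") {
                total = $i
                delta = $(i + 2)
                gsub(/[()+]/, "", delta)   # "(+1506)" -> "1506", "(-442)" -> "-442"
                break
            }
        }
        if (total == "" || delta == "") next
        n++
        if (n == 1) first = total - delta   # list size before the first update
        last = total
        # A healthy feed both adds and removes; count consecutive growth-only updates.
        run = (delta + 0 > 0) ? run + 1 : 0
        if (run > best) best = run
    }
    END {
        printf "updates=%d longest_growth_streak=%d net_ip_change=%d\n", n, best, last - first
    }'
}

# Constructed update history (numbers are illustrative, not from a real router).
sample_updates() {
    cat <<'EOF'
Mar 10 07:12:24 Skynet: [#] 150000 IPs (-1800) -- 1700 Ranges Banned (-25)
Mar 11 02:25:27 Skynet: [#] 151000 IPs (+1000) -- 1710 Ranges Banned (+10)
Mar 12 02:25:26 Skynet: [#] 153500 IPs (+2500) -- 1730 Ranges Banned (+20)
Mar 13 03:25:46 Skynet: [#] 158000 IPs (+4500) -- 1760 Ranges Banned (+30)
Mar 13 09:00:00 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=40165 DPT=3271 SYN URGP=0
Mar 14 08:25:18 Skynet: [#] 145000 IPs (-13000) -- 1500 Ranges Banned (-260)
EOF
}

sample_updates | growth_streak
```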
 