Skynet Skynet - Router Firewall & Security Enhancements

[Adamm]

Hello Adamm. I was looking at the security tests on http://www.shieldtest.com/ I failed the Malware test. Have you seen the test and is this the result I should expect since Skynet is not an active blocking program? Or have I misunderstood this?

as an FYI to all, with all the TrendMicro AiProtection options enabled I failed miserably on the tests. Notably a failure on DDOS and Intrusion Prevention System

thanks, Bj

This tests looks like a marketing gimmick for a consulting agency (Omninet) trying to push their own IPS system. Take it as a grain of salt.

 

[keef]

Thanks, Adamm. Your voice I trust.

Bj

 

[keef]

Do you have any suggestions for baning Google smart speakers from calling home? I have been messing around with Ban devices however all I end up with is an unuseable blocked device.

thanks, Bj

 

[Butterfly Bones]

Do you have any suggestions for baning Google smart speakers from calling home? I have been messing around with Ban devices however all I end up with is an unuseable blocked device.

thanks, Bj

Yes, I have tried many things, seems the only way to stop them calling home is not use them.

 

[QuikSilver]

Yes, I have tried many things, seems the only way to stop them calling home is not use them.

I don't own one but I would assume that blocking it from calling home would stop it from working essentially??

 

[skeal]

Yes, I have tried many things, seems the only way to stop them calling home is not use them.

You can setup the device on a guest wifi network and use YazFi to isolate it from the rest of your network, neutralizing most of the problem.

 

[Butterfly Bones]

You can setup the device on a guest wifi network and use YazFi to isolate it from the rest of your network, neutralizing most of the problem.

Yes, but then I have to move my lights, TV, chromecast, and all other smart devices, including cell phones to that guest network. Too. Much.

I might be an old geek, but I love my tech toys. For now they are all behind a VPN and Stubby, so I think I have them protected from snoops, plus Skynet keeps the evil bot probes out. They complain every so often, but I take that as a good sign.

 

[skeal]

Yes, but then I have to move my lights, TV, chromecast, and all other smart devices, including cell phones to that guest network. Too. Much.

I might be an old geek, but I love my tech toys. For now they are all behind a VPN and Stubby, so I think I have them protected from snoops, plus Skynet keeps the evil bot probes out. They complain every so often, but I take that as a good sign.

I know, I don't isolate my own because of the useless nature they suddenly have from doing so. I like you rely on other means of keeping my network safe. I'm a pretty safe user. IMHO....LOL

 

[unsynaps]

Is there any way to stop skynet from adding a line to post-mount for turning swap on?
I already have code in the file for that but the script re-add's its own EVERY restart.

EDIT: Found this in the syslog.

Skynet: [*] Restoring Damaged Swap File ( /tmp/mnt/mpu_storage/swap )

The swap file is not damaged.

EDIT: "Fixed" it after ripping my hair out learning regex to find out why this was happening.

1) My line was "swapon /mnt/mpu_storage/swap" not "swapon /tmp/mnt/mpu_storage/swap" so it didnt see it.

After fixing that...

2) The line was " swapon /tmp/mnt/mpu_storage/swap" not "swapon /tmp/mnt/mpu_storage/swap". Note the space in front of it. Indented because it is in a if statement making sure the file is there before trying to 'swapon'.

This really needs to be fixed. Probably does not help I al already testy with entware's installer written by a brain dead howler monkey. Completely gutting a number of my scripts instead of just adding to them (You know, because that makes sense) and trying to figure out why things didn't fire off when they should have this morning.

 

[Adamm]

Is there any way to stop skynet from adding a line to post-mount for turning swap on?
I already have code in the file for that but the script re-add's its own EVERY restart.

There is a standardized method for swap management for the scriptwriters of this community to simplify support requests and interaction between scripts.

swapon "$(grep -E "^swapon " /jffs/scripts/post-mount | awk '{print $2}')" 2>/dev/null

I highly suggest you leave swap management to these scripts as it works flawlessly, otherwise it's up to you to make your own implementation work. As you can see the regex specifically looks for "^swapon" to prevent false positives on incorrect entries.

 

[keef]

What is the purpose of blocking countries manually? Would not any harm coming from those countries be blocked by Skynet already? I'm not being critical of the feature, I'm just trying to understand it.

thanks, Bj

 

[martinr]

What is the purpose of blocking countries manually? Would not any harm coming from those countries be blocked by Skynet already? I'm not being critical of the feature, I'm just trying to understand it.

thanks, Bj

That’s a good question; I’ve wondered about it, too, and supposed that, yes, Skynet would already give protection but only if the malicious IP address was blacklisted. But then I also supposed that determined malicious operators can easily, by vpns and other methods, make it appear as though they are coming from relatively trusted countries. So I decided country blocking is an extra layer of security but it might be a thin one. Nevertheless, I have around 30 such countries in my list.

Be interesting to see what others say.

 

[Adamm]

What is the purpose of blocking countries manually? Would not any harm coming from those countries be blocked by Skynet already? I'm not being critical of the feature, I'm just trying to understand it.

thanks, Bj

That’s a good question; I’ve wondered about it, too, and supposed that, yes, Skynet would already give protection but only if the malicious IP address was blacklisted. But then I also supposed that determined malicious operators can easily, by vpns and other methods, make it appear as though they are coming from relatively trusted countries.

Be interesting to see what others say.

I personally don't use the feature, but iirc people requested it to block "spammy" countries entirely.

 

[martinr]

I personally don't use the feature, but iirc people requested it to block "spammy" countries entirely.

Thanks, Adam, so my thinking isn’t a million miles out.

 

[#TY]

Noob questions

I just disabled the built-in AI protection on my Asus router in favour of installing and using Skynet.
Skynet installed without any issues via AMTM. (I used all the default recommendations during the install)
How do I know that it is actually working? Is there anything else I need to set/tweak?
I should also add that I had Diversion and Stubby installed prior to Skynet. Are there any needed adjustments to any of those services now that Skynet is installed?

Thanks in advance.

 

[Adamm]

I just disabled the built-in AI protection on my Asus router in favour of installing and using Skynet.

I recommend against disabling AiProtect. Skynets goal is to enhance built in functionality, not replace it. There is no good reason to keep it disabled.

Skynet installed without any issues via AMTM. (I used all the default recommendations during the install)
How do I know that it is actually working? Is there anything else I need to set/tweak?
I should also add that I had Diversion and Stubby installed prior to Skynet. Are there any needed adjustments to any of those services now that Skynet is installed?

After installation (or reboot) you should see output similar the following indicating the script is working.

Sep 15 21:55:39 Skynet: [%] Startup Initiated... ( skynetloc=/tmp/mnt/Elements/skynet )
Sep 15 21:56:00 Skynet: [#] 132577 IPs (+0) -- 1828 Ranges Banned (+0) || 0 Inbound -- 0 Outbound Connections Blocked! [start] [21s]

Skynet works fine with other user scripts such as diversion and stubby, no additional steps required.

 

[Raynbow6]

I always thought Skynet is an addition to AIprotect and thus should not be diasbled?

Verstuurd vanaf mijn SM-T580 met Tapatalk

 

[#TY]

I recommend against disabling AiProtect. Skynets goal is to enhance built in functionality, not replace it. There is no good reason to keep it disabled.

The reason I disabled it is because I just read that it sends all sort of info from your network (i.e. email, web browsing, etc) to TrendMicro which I find terribly invasive This is even included in the agreement they make you consent to upon activating that feature.

 

[^Tripper^]

If you’ve just installed skynet, launch diversion so that it can change to a “standard+” hosts files (if required). Diversion should detect skynet and offer to change that automagically.

 

[#TY]

If you’ve just installed skynet, launch diversion so that it can change to a “standard+” hosts files (if required). Diversion should detect skynet and offer to change that automagically.

Thanks, I've just done that