Skynet Skynet - Router Firewall & Security Enhancements

Okay, so nobody seems to know what a minimum configuration of Skynet is = "It is the one stop shop for router security and the first line of defense in your home network." ?
 
Has anyone any well let's call it a default start for what is good to use?

Background: I have been using yet another script, and it still just works. So what do I need with Skynet? Well block countries I already have. What more? Autobahn is on from install?
Okay, so nobody seems to know what a minimum configuration of Skynet is = "It is the one stop shop for router security and the first line of defense in your home network." ?

Enable the banmalware feature during the install process and you're good to go; anything beyond that is complete user choice and can be added at any time.
 
Any chances of a custom router page UI, similar to uiDivStats?

Unfortunately due to technical limitations a WebUI isn't on the cards right now.
 
I was looking into it, but restarting Skynet kept taking my router down with it for some reason. I got told to uninstall it before I could spend time tracing the cause!
Understood. Since installing it, I have been obsessed with checking out the stats; would be cool if it was its own page next to Diversion stats. Pretty cool and powerful stuff; enterprise-grade network on a $160 router.
 
Hi,

I used before asusmerlin - openwrt - but after 1 year I gave up - too complicated (for me)!

Asus Merlin with Diversion and Skynet ! PERFECT !!! Thank U
OpenVPN Server / Client / Policy everything is working easy and perfect

But now I have my first question:

What happens in my skynet ?

What should/could I do ?

192.168.2.150 is the Asus IP in fritzbox ...

Jul 17 19:20:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=19799 DF PROTO=UDP SPT=35336 DPT=123 LEN=56
Jul 17 19:20:42 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=20167 DF PROTO=UDP SPT=54738 DPT=123 LEN=56
Jul 17 19:21:15 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=23434 DF PROTO=UDP SPT=54681 DPT=123 LEN=56
Jul 17 19:21:48 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25707 DF PROTO=UDP SPT=53743 DPT=123 LEN=56
Jul 17 19:22:21 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25899 DF PROTO=UDP SPT=34531 DPT=123 LEN=56
Jul 17 19:22:54 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=29185 DF PROTO=UDP SPT=39664 DPT=123 LEN=56
Jul 17 19:23:27 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=31996 DF PROTO=UDP SPT=36862 DPT=123 LEN=56
Jul 17 19:24:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=32191 DF PROTO=UDP SPT=53328 DPT=123 LEN=56
Jul 17 19:24:34 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34013 DF PROTO=UDP SPT=35143 DPT=123 LEN=56
Jul 17 19:25:07 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34874 DF PROTO=UDP SPT=37349 DPT=123 LEN=56
Jul 17 19:25:40 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=35082 DF PROTO=UDP SPT=56726 DPT=123 LEN=56
Jul 17 19:26:13 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=37776 DF PROTO=UDP SPT=36967 DPT=123 LEN=56
Jul 17 19:26:45 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39407 DF PROTO=UDP SPT=55452 DPT=123 LEN=56
Jul 17 19:27:18 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39718 DF PROTO=UDP SPT=55748 DPT=123 LEN=56
Jul 17 19:27:51 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=42926 DF PROTO=UDP SPT=36878 DPT=123 LEN=56
Jul 17 19:28:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44693 DF PROTO=UDP SPT=58075 DPT=123 LEN=56
Jul 17 19:28:57 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44995 DF PROTO=UDP SPT=43934 DPT=123 LEN=56
Jul 17 19:29:30 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=46061 DF PROTO=UDP SPT=45487 DPT=123 LEN=56
Jul 17 19:30:03 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=47110 DF PROTO=UDP SPT=42085 DPT=123 LEN=56


upload_2019-7-17_19-32-56.png


upload_2019-7-17_19-33-48.png



Thank U
M
 

Perhaps investigate whitelisting? https://github.com/Adamm00/IPSet_ASUS/wiki

https://otx.alienvault.com/indicator/ip/94.130.231.116

That IP looks like a time server that is being blocked for some reason...
 
Repeated attempts to reach 94.130.231.116, which is blocked by Skynet...
 
Understood. Since installing it, I have been obsessed with checking out the stats; would be cool if it was its own page next to Diversion stats. Pretty cool and powerful stuff; enterprise-grade network on a $160 router.
Look into the scribe thread (syslog-ng and logrotate installer). In that thread many of us have then sent logs to Loggly, and they offer a free version as long as logs are under a certain size; mine are way under that max free limit. Get info like this. :cool:

screenshot-timsaw-loggly-com-2019-07-17-10-40-54.png


screenshot-timsaw-loggly-com-2019-07-17-10-42-31.png
 
What the log is telling you is, the fritzbox 192.168.2.150 is blocked for trying to get time (DPT=123) from 94.130.231.116. If you trust the IP, you can whitelist it or just change the NTP server in that device to a trusted one. Here's AlienVault's report on the IP.
https://otx.alienvault.com/indicator/ip/94.130.231.116
 
I was looking into it, but restarting Skynet kept taking my router down with it for some reason.

Can't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22 :rolleyes:

But now I have my first question:

What happens in my skynet ?

What should/could I do ?

192.168.2.150 is the Asus IP in fritzbox ...

Jul 17 19:20:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=19799 DF PROTO=UDP SPT=35336 DPT=123 LEN=56

Your router is trying to connect to the NTP server @ 94.130.231.116 which is also on your blacklist.

I don't see this IP on the default blacklist so I assume you are using a custom one or country blocking Germany. In which case you should whitelist it / use less aggressive custom lists.

Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search malware 94.130.231.116
#############################################################################################################
#                     _____ _                     _             __                      #
#                    / ____| |                   | |           / /                      #
#                   | (___ | | ___   _ _ __   ___| |_  __   __/ /_                      #
#                    \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \                     #
#                    ____) |   <| |_| | | | |  __/ |_   \ V /| (_) |                    #
#                   |_____/|_|\_\\__, |_| |_|\___|\__|   \_/  \___/                     #
#                                 __/ |                                                 #
#                                |___/                                                  #
#                                                                                     #
## - 05/07/2019 -           Asus Firewall Addition By Adamm v6.8.5                    #
##                   https://github.com/Adamm00/IPSet_ASUS                            #
#############################################################################################################


=============================================================================================================


[i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 9.1M
[i] Monitoring From Jul 10 10:00:02 To Jul 18 03:57:03
[i] 40238 Block Events Detected
[i] 3372 Unique IPs
[i] 0 Manual Bans Issued


=============================================================================================================


Exact Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



Possible CIDR Matches;


--------------       | ---------
| IP Address |       | | List |
--------------       | ---------



=============================================================================================================


[#] 136388 IPs (+0) -- 1671 Ranges Banned (+0) || 52 Inbound -- 0 Outbound Connections Blocked! [stats] [18s]
 
Perhaps investigate whitelisting? https://github.com/Adamm00/IPSet_ASUS/wiki

https://otx.alienvault.com/indicator/ip/94.130.231.116

That IP looks like a time server that is being blocked for some reason...

Hi HairyAOO / visortgw,

Thank you for the fast answers - About the blocking I know - I was a little bit shocked - but OK, the timeserver could go on the whitelist ...

-> Next time I know / checking IP with alienvault !!!

Thank U // I will spend for that good work (Diversion&Skynet) and forum!


That makes much fun :))
 
Can't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22 :rolleyes:



Your router is trying to connect to the NTP server @ 94.130.231.116 which is also on your blacklist.

I don't see this IP on the default blacklist so I assume you are using a custom one or country blocking Germany. In which case you should whitelist it / use less aggressive custom lists.

Hi Adamm,

YES I test ``more`` blocking lists

firehol_level1,2,3,4 / ransomware_feed by Abuse


BUT sorry I ``google`` the IP and find https://www.maltiverse.com/ip/94.130.231.116
 
Look into the scribe thread (syslog-ng and logrotate installer). In that thread many of us have then sent logs to Loggly, and they offer a free version as long as logs are under a certain size; mine are way under that max free limit. Get info like this. :cool:

screenshot-timsaw-loggly-com-2019-07-17-10-40-54.png


screenshot-timsaw-loggly-com-2019-07-17-10-42-31.png
Does it support using syslog-ng TLS ?
 
Can't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22 :rolleyes:
Parsing text files is easy enough, just need to rip the data out to something like json
 
Parsing text files is easy enough, just need to rip the data out to something like json

By not ideal I was implying that displaying old information and having no ability to interact somewhat defeats the purpose of WebUI integration. Offering anything less than what the menu currently does functionality-wise is a step backwards imo.
 
By not ideal I was implying that displaying old information and having no ability to interact somewhat defeats the purpose of WebUI integration. Offering anything less than what the menu currently does functionality-wise is a step backwards imo.

I would be more likely to look at the stats from Skynet in the GUI first and then interact as needed. :)
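
Added example (not code from Skynet or from any poster in this thread): the two ideas discussed above, reading the `[BLOCKED - ...]` kernel log lines into JSON for a read-only stats view, and validating an IP before it goes into the argument list of the `firewall stats search malware` command quoted earlier, so that no shell ever parses user input. The function names, the `[BLOCKED - INBOUND]` prefix, the year 2019 and the idea of a WebUI backend calling `search_argv` are assumptions.

```python
import ipaddress
import json
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# First four lines are copied from the post above; the last two are
# constructed (an inbound block and an unrelated syslog line).
SAMPLE_LOG = """\
Jul 17 19:20:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=19799 DF PROTO=UDP SPT=35336 DPT=123 LEN=56
Jul 17 19:20:42 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=20167 DF PROTO=UDP SPT=54738 DPT=123 LEN=56
Jul 17 19:21:15 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=23434 DF PROTO=UDP SPT=54681 DPT=123 LEN=56
Jul 17 19:21:48 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25707 DF PROTO=UDP SPT=53743 DPT=123 LEN=56
Jul 17 19:21:50 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.2.150 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 17 19:21:55 dnsmasq[311]: query[A] example.com from 192.168.2.10
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) kernel: \[BLOCKED - (\w+)\] (.*)$")
# KEY=value pairs; bare flags such as DF or SYN carry no '=' and are skipped.
# LEN occurs twice (IP and UDP length); it is not used below.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
SERVICES = {("UDP", "123"): "ntp", ("UDP", "53"): "dns", ("TCP", "23"): "telnet"}


def summarize(log_text, year=2019):
    """Group block events by flow and report count, time span and retry gap.

    Syslog timestamps carry no year, so one is supplied (assumed 2019 here).
    """
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Skynet block line
        stamp, direction, rest = m.groups()
        f = dict(FIELD_RE.findall(rest))
        if not {"SRC", "DST", "PROTO"} <= f.keys():
            continue  # truncated or malformed entry
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (direction, f["SRC"], f["DST"], f["PROTO"], f.get("DPT", ""))
        flows[key].append(when)

    rows = []
    for (direction, src, dst, proto, dpt), times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        rows.append({
            "direction": direction,
            "src": src,
            "dst": dst,
            "proto": proto,
            "dpt": int(dpt) if dpt.isdigit() else None,
            "service": SERVICES.get((proto, dpt)),
            "count": len(times),
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
            # A steady gap points at one client retrying, e.g. an NTP poll.
            "median_gap_s": median(gaps) if gaps else None,
        })
    rows.sort(key=lambda r: -r["count"])
    return rows


def search_argv(ip):
    """Return an argv list for the search command shown in the thread.

    ipaddress rejects anything that is not a literal address, and the list
    form is meant for subprocess.run(argv) without shell=True.
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on bad input
    return ["firewall", "stats", "search", "malware", str(addr)]


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
    print(search_argv("94.130.231.116"))
```

On the log from the thread, the top row shows one source retrying UDP/123 to a single destination at a steady interval, which matches the replies' reading of a blocked NTP server rather than varied outbound traffic.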
 