Skynet Skynet - Router Firewall & Security Enhancements
Adamm
Part of the Furniture
Enable the banmalware feature during the install process and your good to go, anything beyond that is complete user choice and can be added at any time.
May I suggest that is included on page 1 of this thread?
Adamm
Part of the Furniture
Unfortunately due to technical limitations a WebUI isn't on the cards right now.
HairyA00
Senior Member
Appreciate the response!
Jack Yaz
Part of the Furniture
I was looking into it, but restarting Skynet kept taking my router down with it for some reason. I got told to uninstall it before I could spend time tracing the cause!
HairyA00
Senior Member
Understood. Since installing it, I have been obsessed with checking out the stats; would be cool if it was its own page next to Diversion stats. Pretty cool and powerful stuff; enterprise-grade network on a $160 router.
mawu
New Around Here
Hi,
I used befor asusmerlin - openwrt - but after 1 year I give up - to complicated (for me)!
Asus Merlin with Diversion and Skynet ! PERFECT !!! Thank U
OpenVPN Server / Client / Policy everything is working easy and perfect
But now I have my first question:
What happens in my skynet ?
What should/could I do ?
192.168.2.150 is the Asus IP in fritzbox ...
Jul 17 19:20:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=19799 DF PROTO=UDP SPT=35336 DPT=123 LEN=56
Jul 17 19:20:42 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=20167 DF PROTO=UDP SPT=54738 DPT=123 LEN=56
Jul 17 19:21:15 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=23434 DF PROTO=UDP SPT=54681 DPT=123 LEN=56
Jul 17 19:21:48 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25707 DF PROTO=UDP SPT=53743 DPT=123 LEN=56
Jul 17 19:22:21 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25899 DF PROTO=UDP SPT=34531 DPT=123 LEN=56
Jul 17 19:22:54 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=29185 DF PROTO=UDP SPT=39664 DPT=123 LEN=56
Jul 17 19:23:27 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=31996 DF PROTO=UDP SPT=36862 DPT=123 LEN=56
Jul 17 19:24:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=32191 DF PROTO=UDP SPT=53328 DPT=123 LEN=56
Jul 17 19:24:34 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34013 DF PROTO=UDP SPT=35143 DPT=123 LEN=56
Jul 17 19:25:07 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34874 DF PROTO=UDP SPT=37349 DPT=123 LEN=56
Jul 17 19:25:40 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=35082 DF PROTO=UDP SPT=56726 DPT=123 LEN=56
Jul 17 19:26:13 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=37776 DF PROTO=UDP SPT=36967 DPT=123 LEN=56
Jul 17 19:26:45 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39407 DF PROTO=UDP SPT=55452 DPT=123 LEN=56
Jul 17 19:27:18 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39718 DF PROTO=UDP SPT=55748 DPT=123 LEN=56
Jul 17 19:27:51 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=42926 DF PROTO=UDP SPT=36878 DPT=123 LEN=56
Jul 17 19:28:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44693 DF PROTO=UDP SPT=58075 DPT=123 LEN=56
Jul 17 19:28:57 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44995 DF PROTO=UDP SPT=43934 DPT=123 LEN=56
Jul 17 19:29:30 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=46061 DF PROTO=UDP SPT=45487 DPT=123 LEN=56
Jul 17 19:30:03 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=47110 DF PROTO=UDP SPT=42085 DPT=123 LEN=56
Thank U
M
I used befor asusmerlin - openwrt - but after 1 year I give up - to complicated (for me)!
Asus Merlin with Diversion and Skynet ! PERFECT !!! Thank U
OpenVPN Server / Client / Policy everything is working easy and perfect
But now I have my first question:
What happens in my skynet ?
What should/could I do ?
192.168.2.150 is the Asus IP in fritzbox ...
Jul 17 19:20:09 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=19799 DF PROTO=UDP SPT=35336 DPT=123 LEN=56
Jul 17 19:20:42 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=20167 DF PROTO=UDP SPT=54738 DPT=123 LEN=56
Jul 17 19:21:15 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=23434 DF PROTO=UDP SPT=54681 DPT=123 LEN=56
Jul 17 19:21:48 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25707 DF PROTO=UDP SPT=53743 DPT=123 LEN=56
Jul 17 19:22:21 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=25899 DF PROTO=UDP SPT=34531 DPT=123 LEN=56
Jul 17 19:22:54 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=29185 DF PROTO=UDP SPT=39664 DPT=123 LEN=56
Jul 17 19:23:27 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=31996 DF PROTO=UDP SPT=36862 DPT=123 LEN=56
Jul 17 19:24:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=32191 DF PROTO=UDP SPT=53328 DPT=123 LEN=56
Jul 17 19:24:34 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34013 DF PROTO=UDP SPT=35143 DPT=123 LEN=56
Jul 17 19:25:07 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=34874 DF PROTO=UDP SPT=37349 DPT=123 LEN=56
Jul 17 19:25:40 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=35082 DF PROTO=UDP SPT=56726 DPT=123 LEN=56
Jul 17 19:26:13 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=37776 DF PROTO=UDP SPT=36967 DPT=123 LEN=56
Jul 17 19:26:45 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39407 DF PROTO=UDP SPT=55452 DPT=123 LEN=56
Jul 17 19:27:18 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=39718 DF PROTO=UDP SPT=55748 DPT=123 LEN=56
Jul 17 19:27:51 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=42926 DF PROTO=UDP SPT=36878 DPT=123 LEN=56
Jul 17 19:28:24 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44693 DF PROTO=UDP SPT=58075 DPT=123 LEN=56
Jul 17 19:28:57 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=44995 DF PROTO=UDP SPT=43934 DPT=123 LEN=56
Jul 17 19:29:30 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=46061 DF PROTO=UDP SPT=45487 DPT=123 LEN=56
Jul 17 19:30:03 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=192.168.2.150 DST=94.130.231.116 LEN=76 TOS=0x08 PREC=0x40 TTL=64 ID=47110 DF PROTO=UDP SPT=42085 DPT=123 LEN=56
Thank U
M
HairyA00
Senior Member
Perhaps investigate whitelisting? https://github.com/Adamm00/IPSet_ASUS/wiki
https://otx.alienvault.com/indicator/ip/94.130.231.116
That IP looks like a time server that is being blocked for some reason...
visortgw
Very Senior Member
Repeated attempts to reach 94.130.231.116, which is blocked by Skynet...
Butterfly Bones
Very Senior Member
Look into scribe thread (syslog-ng and logrotate installer). In that thread many of us have then sent logs to Loggly and they offer a free version as long as logs are under a certain size, mine are wayunder that max free limit. Get info like this.
bluepoint
Very Senior Member
What the log is telling you is, the fritzbox 192.168.2.150 is blocked for trying to get time(DPT=123) from 94.130.231.116. If you trust the ip, you can whitelist it or just change the NTP server in that device to a trusted one. Here's AlienVaults report on the ip.
https://otx.alienvault.com/indicator/ip/94.130.231.116
Last edited:
Adamm
Part of the Furniture
Can't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22
Your router is trying to connect to the NTP server @ 94.130.231.116 which is also on your blacklist.
I don't see this IP on the default blacklist so I assume you are using a custom one or country blocking Germany. In which case you should whitelist it / use less aggressive custom lists.
Code:
skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search malware 94.130.231.116
#############################################################################################################
# _____ _ _ __ #
# / ____| | | | / / #
# | (___ | | ___ _ _ __ ___| |_ __ __/ /_ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
# ____) | <| |_| | | | | __/ |_ \ V /| (_) | #
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ #
# __/ | #
# |___/ #
# #
## - 05/07/2019 - Asus Firewall Addition By Adamm v6.8.5 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################
=============================================================================================================
[i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 9.1M
[i] Monitoring From Jul 10 10:00:02 To Jul 18 03:57:03
[i] 40238 Block Events Detected
[i] 3372 Unique IPs
[i] 0 Manual Bans Issued
=============================================================================================================
Exact Matches;
-------------- | ---------
| IP Address | | | List |
-------------- | ---------
Possible CIDR Matches;
-------------- | ---------
| IP Address | | | List |
-------------- | ---------
=============================================================================================================
[#] 136388 IPs (+0) -- 1671 Ranges Banned (+0) || 52 Inbound -- 0 Outbound Connections Blocked! [stats] [18s]mawu
New Around Here
Hi HairyAOO / visortgw,
Thank you for fast answering - About blocking I know- I was a little bit shocked - but OK timeserver could went to whitelist ...
-> Next time I know / checking IP with alienvault !!!
Thank U // I will spend for that good work (Diversion&Skynet) and forum!
That makes much fun
)
mawu
New Around Here
Can't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22
Your router is trying to connect to the NTP server @ 94.130.231.116 which is also on your blacklist.
I don't see this IP on the default blacklist so I assume you are using a custom one or country blocking Germany. In which case you should whitelist it / use less aggressive custom lists.
Code:skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search malware 94.130.231.116 ############################################################################################################# # _____ _ _ __ # # / ____| | | | / / # # | (___ | | ___ _ _ __ ___| |_ __ __/ /_ # # \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ # # ____) | <| |_| | | | | __/ |_ \ V /| (_) | # # |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ # # __/ | # # |___/ # # # ## - 05/07/2019 - Asus Firewall Addition By Adamm v6.8.5 # ## https://github.com/Adamm00/IPSet_ASUS # ############################################################################################################# ============================================================================================================= [i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 9.1M [i] Monitoring From Jul 10 10:00:02 To Jul 18 03:57:03 [i] 40238 Block Events Detected [i] 3372 Unique IPs [i] 0 Manual Bans Issued ============================================================================================================= Exact Matches; -------------- | --------- | IP Address | | | List | -------------- | --------- Possible CIDR Matches; -------------- | --------- | IP Address | | | List | -------------- | --------- ============================================================================================================= [#] 136388 IPs (+0) -- 1671 Ranges Banned (+0) || 52 Inbound -- 0 Outbound Connections Blocked! [stats] [18s]
Hi Adamm,
YES I test ``more`` blocking lists
firehol_level1,2,3,4 / ransomware_feed by Abuse
BUT sorry I ``google`` the IP and find https://www.maltiverse.com/ip/94.130.231.116
Swistheater
Very Senior Member
Does it support using syslog-ng TLS ?Look into scribe thread (syslog-ng and logrotate installer). In that thread many of us have then sent logs to Loggly and they offer a free version as long as logs are under a certain size, mine are wayunder that max free limit. Get info like this.
Jack Yaz
Part of the Furniture
Parsing text files is easy enough, just need to rip the data out to something like jsonCan't reproduce the latter. As for the technical limitation, the only option right now is just having output saved to a text file and just displaying it which isn't ideal for various reasons. If I were to implement it I'd want something interactive that doesn't introduce a command injection vulnerability. Bit of a catch 22
Your router is trying to connect to the NTP server @ 94.130.231.116 which is also on your blacklist.
I don't see this IP on the default blacklist so I assume you are using a custom one or country blocking Germany. In which case you should whitelist it / use less aggressive custom lists.
Code:skynet@RT-AX88U-DC28:/tmp/home/root# firewall stats search malware 94.130.231.116 ############################################################################################################# # _____ _ _ __ # # / ____| | | | / / # # | (___ | | ___ _ _ __ ___| |_ __ __/ /_ # # \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ # # ____) | <| |_| | | | | __/ |_ \ V /| (_) | # # |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ # # __/ | # # |___/ # # # ## - 05/07/2019 - Asus Firewall Addition By Adamm v6.8.5 # ## https://github.com/Adamm00/IPSet_ASUS # ############################################################################################################# ============================================================================================================= [i] Debug Data Detected in /tmp/mnt/USB/skynet/skynet.log - 9.1M [i] Monitoring From Jul 10 10:00:02 To Jul 18 03:57:03 [i] 40238 Block Events Detected [i] 3372 Unique IPs [i] 0 Manual Bans Issued ============================================================================================================= Exact Matches; -------------- | --------- | IP Address | | | List | -------------- | --------- Possible CIDR Matches; -------------- | --------- | IP Address | | | List | -------------- | --------- ============================================================================================================= [#] 136388 IPs (+0) -- 1671 Ranges Banned (+0) || 52 Inbound -- 0 Outbound Connections Blocked! [stats] [18s]
Adamm
Part of the Furniture
By not ideal I was implying that displaying old information and having no ability to interact somewhat defeats the purpose of WebUI integration. Offering anything less then what the menu currently does functionality wise is a step backwards imo.
L&LD
Part of the Furniture
I would be more likely to look at the stats from Skynet in the GUI first and then interact as needed.
Similar threads
Similar threads
Similar threads
-
-
Skynet Skynet showing router itself making calls to China?
- Started by Skywise
- Replies: 26
-
Skynet Skynet - Blocked outbounds coming from the router itself?
- Started by JuanGF
- Replies: 12
-
Skynet Installing Skynet causes router to crash and reboot
- Started by ovancantfort
- Replies: 26
-
Skynet Message on SKYNET I havent seen before- Started by Davidncali001
- Replies: 1
-
-
-
Skynet SkyNet/Firewall blocking all ping requests, including outbound
- Started by nearlyheadlessarvie
- Replies: 6
-
Skynet SOLVED: Scrollbar Disappears on Skynet Tab on Asuswrt-Merlin 386.14
- Started by WRobertE
- Replies: 10
-
Skynet Best way to configure SkyNet on RX-AT82U
- Started by DomiDam2
- Replies: 7
Latest threads
-
Release ASUS GT-BE98 Pro Firmware Version 3.0.0.6_102_37031
- Started by NotTheHerbie
- Replies: 2
-
RT AX86u PRo 35mbs top dl speed
- Started by laptop
- Replies: 2
-
-
Release ASUS TUF-AX6000 Firmware version 3.0.0.4.388_33427 (2024/11/06)
- Started by fruitcornbread
- Replies: 0
-
Release ASUS RT-AXE7800 Firmware version 3.0.0.4.388_25127 (2024/11/06)
- Started by fruitcornbread
- Replies: 0
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
thigginsMr. Easy