Skynet Skynet - Router Firewall & Security Enhancements

[XIII]

And an obscure port as a bonus?

Yes. The firmware even encourages that (these days): Using a different port than the default port 22 is recommended to avoid port scan attacks.

And to get back on topic: would be nice if SkyNet allows SSH over WAN in Secure Mode, if those conditions were met (SSH keys, no passwords, non-standard port), but of course Adamm can think different about that.

 

[Adamm]

Actually, I didn't toggle any. Up to today I didn't even know how to interact with Skynet on the command line. Anyway, I'll try what you suggested and set it up again from scratch ...

Edit:
I performed the rm command. And now? How can I uninstall Skynet? It's still shown in amtm as installed.

Reboot then run the install command again from the first post to correct your issues.

 

[Adamm]

Yes. The firmware even encourages that (these days): Using a different port than the default port 22 is recommended to avoid port scan attacks.

And to get back on topic: would be nice if SkyNet allows SSH over WAN in Secure Mode, if those conditions were met (SSH keys, no passwords, non-standard port), but of course Adamm can think different about that.

Using OpenVPN is still safer, 2 layers vs 1.

 

[slytho]

Reboot then run the install command again from the first post to correct your issues.

Thank you a lot! It seems to work now. Great! I don't know what messed up my previous installation. (And I totally forgot the installation command of the first post :haha:

Issue closed

 

[slytho]

Hi Adamm!

Another question: how can I modify the cru times (cronjob). My router is powered off from midnight to 5 pm and thus cru commands during that time aren't executed.

 

[Adamm]

Hi Adamm!

Another question: how can I modify the cru times (cronjob). My router is powered off from midnight to 5 pm and thus cru commands during that time aren't executed.

You cant, the cron times are randomly generated. But in your case this wont matter as the cronjob functions (list updates etc) also happen during startup.

 

[Wishmaster1965]

Thanks Adam , moved the file to /opt/var/log now, can see the file building up in the file

 

[randomName]

If I disable Logging, Do i need to also disable WebUI?

 

[Adamm]

If I disable Logging, Do i need to also disable WebUI?

Do you need to? Not really, Skynet will throw up a error though occasionally reminding you.

 

[randomName]

Do you need to? Not really, Skynet will throw up a error though occasionally reminding you.

Thanks. I was seeing that error/notification, occasionally. Decided on keeping logging enabled while disabling the WebUI, for now.

Thanks, again!

 

[ugandy]

when skynet starts during a router reboot, is this message normal?

May 11 16:26:28 RT-AX88U-8158 Skynet: [*] Private WAN IP Detected 192.168.100.10 - Please Put Your Modem In Bridge Mode / Disable CG-NAT

this is not my wan ip

thanks

 

[QuikSilver]

when skynet starts during a router reboot, is this message normal?

May 11 16:26:28 RT-AX88U-8158 Skynet: [*] Private WAN IP Detected 192.168.100.10 - Please Put Your Modem In Bridge Mode / Disable CG-NAT

this is not my wan ip

thanks

Cable internet? My cable internet modem uses the 192.168.100.XXX ip scheme. I noticed on mine I have to bring up the cable modem first, wait for it to fully boot up, then bring up the router. Otherwise my router would show the same private IP as wan IP on router.

 

[ugandy]

Cable internet? My cable internet modem uses the 192.168.100.XXX ip scheme. I noticed on mine I have to bring up the cable modem first, wait for it to fully boot up, then bring up the router. Otherwise my router would show the same private IP as wan IP on router.

yes. cable modem. the modem itself is 192.168.100.1

when i reboot the router, the modem is already fully up. and router will then show the correct outside comcast ip on the gui wan page, when reboot completes.

i just keep getting that message from skynet during the router reboot and can't understand why

 

[Adamm]

i just keep getting that message from skynet during the router reboot and can't understand why

    if nvram get wan0_ipaddr | Is_PrivateIP; then
        logger -st Skynet "[*] Private WAN IP Detected $(nvram get wan0_ipaddr) - Please Put Your Modem In Bridge Mode / Disable CG-NAT"
    fi

We check the wan_ipaddr value during startup and installation, if the IP listed there (which is the IP your Asus router is assigned) is a private address, Skynet warns the user their configuration may not be optimal.

 

[Joe Doe]

I am getting an "arithmetic syntax error". Force update didn't solve the issue.

 

[Adamm]

I am getting an "arithmetic syntax error". Force update didn't solve the issue.

What is the output of;

sh /jffs/scripts/firewall debug info

And the exact output when you get the error.

 

[ttgapers]

Using OpenVPN is still safer, 2 layers vs 1.

Not to mention pretty easy to configure.

 

[RMerlin]

People get scared by OpenVPN just because it has a lot of available settings. But Asuswrt-Merlin makes it pretty much an automated process, taking care of generating everything for you. You can get OpenVPN up and running within a few minutes.

 

[tekrich]

Installed Skynet this morning, and I seem to have 2500 inbound blocks after 8 hours!

But no outbound blocks.

Wow! The bots on the WAN...

 

[Adamm]

I've pushed v7.1.9

Show client name in WebUI stats
Disable onclick for outbound chart
Detect malware IOC that prevents AiProtect from updating by setting apps_wget_timeout=3O