
Skynet SkyNet, What's going on? should I be concerned?

Ricklndn

New Around Here
Installed Skynet about a week ago and I keep seeing this blocked. What is it, and should I be concerned?

Jun 21 09:24:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=7c:10:c9:b4:c1:c8:00:17:10:9a:ef:09:08:00 SRC=57.128.41.42 DST=99.242.**.2** LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=27448 DF PROTO=UDP SPT=64571 DPT=8000 LEN=20 MARK=0x8000000
Jun 21 09:24:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=7c:10:c9:b4:c1:c8:00:17:10:9a:ef:09:08:00 SRC=162.142.125.232 DST=99.242.**.2** LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=16405 PROTO=TCP SPT=43644 DPT=8029 SEQ=3097837270 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000

I took out some of my IP address using **
 

This means that Skynet is doing what it is supposed to do; block IP addresses in the loaded blacklist. Here's mine:
1687355271711.png
 
What's going on in your case? Looks like the same thing happening, have you figured out what's going on? I mean, come on, whatever is happening, it's happening several times nonstop per min..
Please be aware that, every time you are on the Internet, your IP address is constantly monitored by various players (friendly and, more dangerous, unfriendly people) and Skynet is there to help prevent many of them from successfully achieving their goals:

1687356103810.png
 
If you install scripts like that you will get reports constantly; it is doing exactly what is intended.

Skynet has blocked a malicious IP address, one used for continuous port scanning.

>>> Abuse IPDB reports here <<<

With such a script you will see hundreds of entries a day.
 
I just installed it a few days ago, how come nothing bad happened years ago?

The "bad" stuff has always been there, every second of every day. You only see it if you read the firewall logs.

Set the ASUS firewall to log "dropped/blocked" packets and you'll see thousands of entries a day.
 
You can see active attackers, daily, weekly, monthly, here:

Sentinel View
The problem is that too many people think that because they cannot visibly observe unusual activities that they are not subject to illegal intrusions and are operating in a secure environment.
 
Yup, and then they install scripts that they don't understand and panic when the script does its job.

Like the guy who 2 years later is still writing on forums that AiProtection showed his router has been hacked and is unusable ........ nothing will convince him that he was protected and there is zero problem.
 
Welcome to the wild world of firewalls, @Ricklndn. If you really want to see something, you should ban a bunch of countries, and use @SomeWhereOverTheRainBow's Skynet blocklist...

Here: https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/filter.list

Alternatively, you can use mine here: https://raw.githubusercontent.com/ViktorJp/Skynet/main/filter.list

This is currently banning 215K IPs and 69K IP ranges...

1687383784096.png


So yeah, there's lots of inbound and outbound IP blocks... :)
 
The power of Skynet compels you !!!!

Screenshot_20230621_185624_Termius.jpg
 
You guys have a ton of outgoing blocks, normally (with my setup) I'd be a tiny bit concerned. Realize that with the number of ranges banned, you'll kill a lot of requests. Still, outbound blocks > inbound? Yikes :)

@SomeWhereOverTheRainBow maybe try something like adguardhome to cut down on things trying to load 🤭
 
Yea no problems here, I use Pihole.

Here is a look at Pihole statistics

1687475309854.png

Here are some of the Skynet block details

1687475967782.png


1687476033732.png
 
Good eye, @cptnoblivious ... the reason for that is ever since I started using unbound, Skynet is now blocking outbound DNS lookups on servers in other countries... I have a bunch of shady Chinese robovacuums, plugs, and other devices on the guest network that keep wanting to talk to China, and for some reason, something on our main network wants to keep doing Facebook DNS lookups in Israel of all places like every 30 seconds. Keep 'em coming. :p
 
That DNS lookup pattern is interesting.

I don't have IoT devices (by design) so my block lists are significantly shorter. And when we have outbound blocks I tend to investigate. Makes sense that with a different approach you're seeing very different results!
 
Running unbound has truly opened my eyes on how many DNS requests are truly happening all the time... using Eibgrad's DNS monitor also was very useful, and was surprised with how many DNS servers are located in blocked countries that my devices were trying to get to. Truly eye-opening.
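
Added example (not part of any post in this thread, and not Skynet's own code): a small Python parser for the kernel log lines quoted in the first post. It tallies inbound blocks by protocol and destination port and lists outbound blocks with the LAN source, since the thread treats outbound blocks as the ones worth investigating. Only the two inbound sample lines come from the thread; the third line and the `[BLOCKED - OUTBOUND]` tag are assumptions made for the example.

```python
import re
from collections import Counter

# Lines 1-2 are the entries quoted in the thread (DST masked as posted).
# Line 3 is constructed for this example; its "[BLOCKED - OUTBOUND]" tag is an assumption.
SAMPLE = """\
Jun 21 09:24:17 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=7c:10:c9:b4:c1:c8:00:17:10:9a:ef:09:08:00 SRC=57.128.41.42 DST=99.242.**.2** LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=27448 DF PROTO=UDP SPT=64571 DPT=8000 LEN=20 MARK=0x8000000
Jun 21 09:24:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=7c:10:c9:b4:c1:c8:00:17:10:9a:ef:09:08:00 SRC=162.142.125.232 DST=99.242.**.2** LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=16405 PROTO=TCP SPT=43644 DPT=8029 SEQ=3097837270 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 OPT (020405B4) MARK=0x8000000
Jun 21 09:25:02 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4021 DF PROTO=UDP SPT=40112 DPT=53 LEN=40 MARK=0x8000000
"""

ENTRY = re.compile(r"\[BLOCKED - (?P<dir>\w+)\] (?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse(line):
    """Return a dict for one block entry, or None for unrelated syslog lines."""
    m = ENTRY.search(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(m["rest"]):
        fields.setdefault(key, value)  # keep the first LEN (IP length); UDP repeats LEN
    fields["DIR"] = m["dir"]
    # TCP flags are logged as bare tokens, unlike ACK=<number>, which is a field
    fields["FLAGS"] = [t for t in m["rest"].split() if t in TCP_FLAGS]
    return fields

def summarize(text):
    """Count inbound blocks per (proto, port); list outbound blocks for review."""
    inbound, outbound = Counter(), []
    for line in text.splitlines():
        e = parse(line)
        if e is None:
            continue
        proto = e.get("PROTO", "?")
        port = int(e.get("DPT", 0))  # 0 when the protocol has no port (e.g. ICMP)
        if e["DIR"] == "INBOUND":
            inbound[(proto, port)] += 1
        elif e["DIR"] == "OUTBOUND":
            outbound.append((e["SRC"], e["DST"], proto, port))
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = summarize(SAMPLE)
    for (proto, port), n in inbound.most_common():
        print(f"inbound  {proto}/{port}: {n} blocked")
    for src, dst, proto, port in outbound:
        print(f"outbound {src} -> {dst} {proto}/{port}  (check this LAN device)")
```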
 
