Wifi network settup - RT-AC86U w or w/t RPi 3B - advice request

[some.jimmy]

Hmmm... frankly I do not know if it works or not.
Skynet works, or at least shows number of blocked outgoing connections. After temporarily switching Skynet off I hoped to see number of FW firewall entries in system log. But it was, as I wrote above.
When I check firewall on Shields Up! (for example) I have two or free closed common ports and the rest are stealth.

 

[Tech9]

Skynet works, or at least shows number of blocked outgoing connections.

No. It shows mostly the number of matched IP addresses in blocklists. Do whatever you think is working for you. I'm out.

 

[some.jimmy]

Thanks!

 

[Smokey613]

Unless you have ports opened inbound, the firewall should block unsolicited inbound traffic by default. The inbound logs hits in Skynet, as Tech9 stated, is simply Skynet logging blocklists matches. The real benefit to Skynet is monitoring outbound traffic. At least this is my understanding of how it works. As you can see on mine, if you enable inbound logging you see “activity” but notice there is none for Outbound, which is a good thing In that no compromised devices on my network are trying to “phone home”, at least none in the Skynet database.

 

[Tech9]

Unless you have ports opened inbound, the firewall should block unsolicited inbound traffic by default.

Even if you do have ports open, that doesn't mean everyone who tries gets in. We have passwords and certificates for access control. Skynet may eventually block attempts from flagged bad IP's. Why eventually - because there is no guarantee this very same IP is going to be in blocklists.

The real benefit to Skynet is monitoring outbound traffic. At least this is my understanding of how it works.

This is correct. The user can limit himself from accessing specific IP's. Some folks block half of the Internet, including countries with big Internet hubs.

 

[Tech9]

As you can see on mine

Be sure 99% inbound are scan bots, part of Internet background noise. Not bad butt hackers trying to steal your adult collection.

 

[cptnoblivious]

The benefit of pihole is that it can (and by default does) block a lot of trackers, besides just ads. uBlock is great to run in addition to pihole, but ublock won't do any good blocking OS or non-browser application telemetry.

YMMV, but I use both.

Good luck.

 

[Smokey613]

I also run the NextDNS CLI, it is another layer in my security solution.

 

[some.jimmy]

Unless you have ports opened inbound, the firewall should block unsolicited inbound traffic by default. The inbound logs hits in Skynet, as Tech9 stated, is simply Skynet logging blocklists matches. The real benefit to Skynet is monitoring outbound traffic. At least this is my understanding of how it works. As you can see on mine, if you enable inbound logging you see “activity” but notice there is none for Outbound, which is a good thing In that no compromised devices on my network are trying to “phone home”, at least none in the Skynet database.

Hi @Smokey613,
thank you for your reply. My case with Skynet is different, because I see 0 (zero) in blocked inbound connection (blocked = identified in Skynet's blocklists ) and some in blocked outbound connections (blocked=as above). Now you make me worry. I have to review my devices which generate blocked outgoing numbers in Skynet.
I have started using Skynet with default settings and I do not recall enabling or not any inbound logging activity there. Especially switching it off, which may cause "zeros" in logged Skynet's actions. May I ask, where should I check if inbound logging is enabled in Skynet?

The benefit of pihole is that it can (and by default does) block a lot of trackers, besides just ads. uBlock is great to run in addition to pihole, but ublock won't do any good blocking OS or non-browser application telemetry.

YMMV, but I use both.

I also run the NextDNS CLI, it is another layer in my security solution.

Hi @cptnoblivious and thank you for your reply as well.

Reading all of above what about below crazy configuration:

Router with FW Firewall + AIProtection + Skynet (as a source of information about outbound malicious activity on local devices)
together with
RPi3 with PI-Hole/AdGuardHome

Is it too much?

uBlock Origin on some of the devices.

SJ

 

[Tech9]

@some.jimmy, one more thing - Skynet and DNSFilter are IPv4 only. If you have IPv6 enabled, your back door is "unlocked".

 

[some.jimmy]

No, I do not have IPv6 open. But I have firewall for IPv6 switched on. Just in case.
Seriously, I have to review my routers settings again.
Thank you @Tech9 for your advices!

 

[Smokey613]

Skynet has an option to not enable inbound logging which if your firewall is setup correctly will not matter. I leave it on just so I can see activity on my WAN interface, plus it confirms Skynet is running. You can go into the Skynet menu through amtm and select "settings" and make changes on logging.

 

[cptnoblivious]

Hi Smokey613,
thank you for your reply. My case with Skynet is different, because I see 0 (zero) in blocked inbound connection (blocked = identified in Skynet's blocklists ) and some in blocked outbound connections (blocked=as above). Now you make me worry. I have to review my devices which generate blocked outgoing numbers in Skynet.
I have started using Skynet with default settings and I do not recall enabling or not any inbound logging activity there. Especially switching it off, which may cause "zeros" in logged Skynet's actions. May I ask, where should I check if inbound logging is enabled in Skynet?




Hi cptnoblivious and thank you for your reply as well.

Reading all of above what about below crazy configuration:

Router with FW Firewall + AIProtection + Skynet (as a source of information about outbound malicious activity on local devices)
together with
RPi3 with PI-Hole/AdGuardHome

Is it too much?

uBlock Origin on some of the devices.

SJ

Here is how I run:
Internet -- Router (with Skynet, but no AIProtection) -- 2x piholes in my network (default blocklist + a couple of entries for roku), one physical on a 4B and one pihole running on an ubuntu Server VM -- client browsers all run uBlock (plus disconnect, privady badger and the duckduckgo plugin)

Edit to add: My router is the upstream DNS for the piholes and uses DoT and the Canadian Shield protected DNS servers

 

[some.jimmy]

Skynet has an option to not enable inbound logging which if your firewall is setup correctly will not matter.

Thank you @Smokey613 for your reply and advice. I have highlighted above because I thought maybe this is my issue of zero inbound connections blocked (=showed as blocked in Skynet). I have to check later today if I have switched on an option not to enable inbound logging. I don't think so, but will check. If I do not have it enabled and my firewall is configured correctly shall I see any number of blocked inbound connections or not? Maybe zero in Skynet's blocked inbound connections prooves that my FW firewall is configured correctly. Does it?
SJ