Hacker News new | comments | show | ask | jobs | submit login
A vulnerability rating of your IP address (securityrating.io)
72 points by shadowashe on July 26, 2017 | hide | past | web | favorite | 46 comments



On a side note, if your fan started spinning up when you opened this, it's because of the particle simulation in the header.

I know because I reviewed this library (https://github.com/VincentGarreau/particles.js) when a colleague wanted to add something similar to our site. The problem is it uses a naive O(n^2) algorithm for linking up particles when they get near each other, which wastes a lot of CPU cycles.

Running this script with a large number of particles and auto-linking on is ill-advised - but fortunately you can delete the <canvas> element quite easily to stop the script.


I also noticed they have some janky Javascript playing with the scrolling on the page, which also prevents me from using swipes to go back in my browser. Very annoying when sites mess with that. Give me my usual scrolling inertia!


Thanks for this info, I've asked the guys to try and fix this! Apologies in advance!


Wow... I was about to use this on a landing page I'm building. Thanks for the tip!


I just did! Annoying the I had to reduce the number of particles significantly in order not to force CPU to spark. Does anyone have suggestions for an alternative library? (I really don't want to have to write something like this myself for a landing page, talk about overkill)


> Torrent Downloads: If an IP address detected downloading torrents, the risk level is considered extreme.

Why?

There is some more info in the README at Github (https://github.com/binaryedge/ratemyip-openframework), but nothing about why torrents induce extreme risk level.


Also:

> Web: The lack of at least one security header represents an extreme level of exposure

Don't really get that one either. So any site not using HSTS, CSP, or Key Pinning, for example, is automatically at extreme risk?


We agree that some of the "values" might seem a bit out of place`, we discussed them with multiple security professionals and tried to come up with the best with the different opinions we were given. Please please please submit an issue on the github. Far too many ratings work as blackboxes which is why we decided to "open" our formula. The link for the github is https://github.com/binaryedge/ratemyip-openframework


I don't necessarily agree with the risk level, but if analyzing a traditional business network, torrenting probably isn't being used for legitimate uses. Thusly, it's likely it either being used by malware or maybe a ignorant/malicious user.


The problem is that not all business networks are "traditional". Some might be pulling OS install media from a torrent (a lot of FOSS operating systems are distributed this way). Some might even be mirroring/seeding said media.


We will add this information, but essentially we and other partners have seen a high quantity of torrents infected with malware. We intend to fine tune this in the future to differentiate the torrents depending on category!


Thanks!

Additional non-related questions:

- How do you scan ipv6s? Scanning the entire space is easy for ipv4 (we do that for some router-security-related projects), but ipv6 space is freaking huge.

- Have you considered using something like Shodan (https://www.shodan.io/) API instead of scanning the address space by yourselves?


- For IPv6 rather than scanning the entire space, we are currently passively collecting addresses from multiple sources and scan specific addresses

- We wouldn't use shodan as we developed our own custom scanners and methodologies of scanning to increase data quality which is extremely important for our customers (cyberinsurers, SoCs, cyberrating companies). We also do some specific things with data which you can check on http://blog.binaryedge.io/2016/11/18/bsides-lisbon-2015/


You could also differentiate OSes, in that most malware is aimed at Windows machines.


Feedback like this is exactly why we made the formula open, we believe there is still lots that can be done with this. Please submit an issue on https://github.com/binaryedge/ratemyip-openframework so that we can have a discussion about impact/usefullness!


This tool does not provide enough information about the scan and the detected "problems".

1. It's only scanning for default ports.

2. It told me about having a CVE-Score "3/3", please provide me with the exact CVEs, so I can patch my system accordingly.

3. Running a webserver on Port 80 is not insecure per se, it's just not encrypted.

4. No feature to rescan, provided information is probably old.

While I like the overall design, I think this tool is not for technical people, but for everyone who uses the word "cyber" on a daily unironically basis.


Hi!

1 - Its scanning 200 ports

2 - Indeed atm we just provide an overall view, we intend to improve this tool further. We had too many people requesting us custom scans when Doublepulsar came out.

3 - True, please submit an issue on the github so a discussion about this can be started. We like having an open formula that people can change/comment on.

4 - Scans are from last 2 months and will keep changing accordingly. It queries our database rather than doing an active scan!


Yeah, the CVE scan was really strange to me. I don't see the benefit if I can't see the CVEs themselves.


That's how I felt about all of the ratings. Just arbitrary numbers. I have one out of two ports open? Or do two or more open ports automatically go red? No clue, it doesn't say.

6/6 on HTTP with SSL. Again, six what? Total open HTTP connections? Couldn't I have more than six, and wouldn't that data be important? No clue, it doesn't say.

Trying the site with my VPN connection enabled is amusing.


Does this work with dynamic IP addresses? In the fine print at the bottom of the page, it says that "the data has been collected passively over the last month," and I'm not sure how you can do that for a dynamic IP address. Could you enlighten me?


Hi, essentially we scan the entire IPv4 space, 200 ports per month. What we mean by that is that when you open the page a scan won't open targeted directly at your ip address!


Sure, but for dynamic IP addresses, the box that had the IP when you scanned it days ago is not necessarily the same that has it now.


Exactly, this makes this of dubious use at best.


Some of the assessments make sense for a server but this is going to be called from client machines. Is there an endpoint to call and pass an IP address to test?


Using the "auto detection" is part of our free offering, our partners usually are able to look at specific ips as we work with cyberinsurers!


The numbers don't add up.

For example, I get 14 out of 100. Encryption are all 0, yet "Overall" is 3 out of 6. The only other non-zero value is "Number of open ports" (2). 2+3 != 14. Σ0 = 0 != 3.

Obviously, I have no idea what those 12 risk points are. The three encryption points are not explained at all, neither are the remaining nine.


The overall value of each category is truncated to the maximum value of that category - for example, if you have 10 open ports, you will get an overall score in "Attack Surface" category of 2, because it's the maximum value (vulnerability importance) that we attributed to that category. The final score is the sum of the overall values of all categories, and then it's normalized between 0 and 100. If you have all 0 in Encryption, and then the overall result for that category is 3, something went wrong... thank you for your feedback!


Here's a screenshot http://i.imgur.com/TMXbdpv.png


If you find an issue with the calculation please submit an issue on https://github.com/binaryedge/ratemyip-openframework so that we can address it! Thank you so much!


No IPv6? Goddamnit, it is 2017.


It displayed and "rated" my ipv6 address without any problem, even on an ipv6-only machine.


My bad. I forgot about a rather funky firewall rule I have because Netflix doesn't like IPv6. Retracted.


When I go to the page it shows my IPv6 address. Is your routing set up correctly?


It responded to my IPv6 address just fine.


It showed me my IPv6 address.


we will be adding this soon!


You already have it.

What it needs is a way for me to switch. I'm seeing my IPv6 reputation, but I'm more interested in my IPv4.


Reminds me of stuff from Bitsight Tech except they use a proprietary algorithm to rate and give a rating on Organization basis which may have a lot of IPv4/v6 blocks. Also, Censys.io (discounting shodan & zoomeye).


Wow, I am amazed. Was actually expecting to be bombarded with false positives when I proxy via one of my servers to check that IP - but 0/100 all the time so far.

Maybe it's broken the other way round? ;)


I report any scanning done against my IP's. I do not know what the intentions of the scanner are. People trying to make money making a product that scans my IP's and wastes bandwidth and computing resources that I have to pay for should be jailed in my humble opinion.


We respect a blacklist, just drop us an email on info@binaryedge.io and we can add your ips to the blacklist and we will never touch them again!


Please just set up some sort of robots.txt related thing.

E-mailing every single company that does this is ridiculous.


Thats an extreme overreaction to jail these people.

Sure, a fine if they don't follow robots.txt might be appropriate but jail? That is absurd.


What would you recommend, a fine, perhaps a stern talking to by the authorities?


> What would you recommend, a fine, perhaps a stern talking to by the authorities?

I already stated a fine is more than sufficient. Or do you think you should be jailed for speeding on the freeway too?

Proportionality in relation to the offense is a thing.


Wow you must be busy




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: