On a side note, if your fan started spinning up when you opened this, it's because of the particle simulation in the header.
I know because I reviewed this library (https://github.com/VincentGarreau/particles.js) when a colleague wanted to add something similar to our site. The problem is it uses a naive O(n^2) algorithm for linking up particles when they get near each other, which wastes a lot of CPU cycles.
Running this script with a large number of particles and auto-linking on is ill-advised - but fortunately you can delete the <canvas> element quite easily to stop the script.
I also noticed they have some janky JavaScript playing with the scrolling on the page, which also prevents me from using swipes to go back in my browser. Very annoying when sites mess with that. Give me my usual scrolling inertia!
I just did! Annoying that I had to reduce the number of particles significantly in order not to force CPU to spark. Does anyone have suggestions for an alternative library? (I really don't want to have to write something like this myself for a landing page, talk about overkill)
We agree that some of the "values" might seem a bit out of place; we discussed them with multiple security professionals and tried to come up with the best with the different opinions we were given. Please please please submit an issue on the GitHub. Far too many ratings work as black boxes, which is why we decided to "open" our formula. The link for the GitHub is https://github.com/binaryedge/ratemyip-openframework
I don't necessarily agree with the risk level, but if analyzing a traditional business network, torrenting probably isn't being used for legitimate uses. Thusly, it's likely it's either being used by malware or maybe an ignorant/malicious user.
The problem is that not all business networks are "traditional". Some might be pulling OS install media from a torrent (a lot of FOSS operating systems are distributed this way). Some might even be mirroring/seeding said media.
We will add this information, but essentially we and other partners have seen a high quantity of torrents infected with malware. We intend to fine tune this in the future to differentiate the torrents depending on category!
- How do you scan ipv6s? Scanning the entire space is easy for ipv4 (we do that for some router-security-related projects), but ipv6 space is freaking huge.
- Have you considered using something like Shodan (https://www.shodan.io/) API instead of scanning the address space by yourselves?
- For IPv6, rather than scanning the entire space, we are currently passively collecting addresses from multiple sources and scanning specific addresses.
- We wouldn't use shodan as we developed our own custom scanners and methodologies of scanning to increase data quality which is extremely important for our customers (cyberinsurers, SoCs, cyberrating companies). We also do some specific things with data which you can check on http://blog.binaryedge.io/2016/11/18/bsides-lisbon-2015/
Feedback like this is exactly why we made the formula open, we believe there is still lots that can be done with this. Please submit an issue on https://github.com/binaryedge/ratemyip-openframework so that we can have a discussion about impact/usefulness!
This tool does not provide enough information about the scan and the detected "problems".
1. It's only scanning for default ports.
2. It told me about having a CVE-Score "3/3", please provide me with the exact CVEs, so I can patch my system accordingly.
3. Running a webserver on Port 80 is not insecure per se, it's just not encrypted.
4. No feature to rescan, provided information is probably old.
While I like the overall design, I think this tool is not for technical people, but for everyone who unironically uses the word "cyber" on a daily basis.
2 - Indeed atm we just provide an overall view, we intend to improve this tool further. We had too many people requesting us custom scans when Doublepulsar came out.
3 - True, please submit an issue on the github so a discussion about this can be started. We like having an open formula that people can change/comment on.
4 - Scans are from last 2 months and will keep changing accordingly. It queries our database rather than doing an active scan!
That's how I felt about all of the ratings. Just arbitrary numbers. I have one out of two ports open? Or do two or more open ports automatically go red? No clue, it doesn't say.
6/6 on HTTP with SSL. Again, six what? Total open HTTP connections? Couldn't I have more than six, and wouldn't that data be important? No clue, it doesn't say.
Trying the site with my VPN connection enabled is amusing.
Does this work with dynamic IP addresses? In the fine print at the bottom of the page, it says that "the data has been collected passively over the last month," and I'm not sure how you can do that for a dynamic IP address. Could you enlighten me?
Hi, essentially we scan the entire IPv4 space, 200 ports per month. What we mean by that is that when you open the page a scan won't open targeted directly at your ip address!
Some of the assessments make sense for a server but this is going to be called from client machines. Is there an endpoint to call and pass an IP address to test?
For example, I get 14 out of 100. Encryption are all 0, yet "Overall" is 3 out of 6. The only other non-zero value is "Number of open ports" (2). 2+3 != 14. Σ0 = 0 != 3.
Obviously, I have no idea what those 12 risk points are. The three encryption points are not explained at all, neither are the remaining nine.
The overall value of each category is truncated to the maximum value of that category - for example, if you have 10 open ports, you will get an overall score in "Attack Surface" category of 2, because it's the maximum value (vulnerability importance) that we attributed to that category.
The final score is the sum of the overall values of all categories, and then it's normalized between 0 and 100.
If you have all 0 in Encryption, and then the overall result for that category is 3, something went wrong... thank you for your feedback!
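The capping and normalization described in the reply above, sketched as an added example (not part of the thread and not the ratemyip-openframework code), with a check that catches a displayed category value that does not match its items. Assumptions: one point per open port, "normalized" means dividing by the sum of all category maxima, and the "Exposed Services" category and all item names are hypothetical.

```python
# Constructed category caps ("vulnerability importance"). Attack Surface = 2 and
# Encryption = 6 are the values mentioned in the thread; "Exposed Services" and
# its cap are hypothetical, as are all item names below.
CAPS = {"Attack Surface": 2, "Encryption": 6, "Exposed Services": 4}


def category_overall(category, items):
    """Sum the item points, then truncate to the category's maximum."""
    return min(sum(items.values()), CAPS[category])


def final_score(findings):
    """Sum the capped category values and scale the result to 0..100.

    Assumption: 'normalized' means dividing by the sum of all caps.
    """
    raw = sum(category_overall(c, items) for c, items in findings.items())
    return round(100 * raw / sum(CAPS.values()))


def audit_report(findings, displayed_overall):
    """Return (category, shown, expected) for every displayed overall value
    that differs from the value recomputed from the category's items."""
    problems = []
    for category, items in findings.items():
        expected = category_overall(category, items)
        shown = displayed_overall.get(category)
        if shown != expected:
            problems.append((category, shown, expected))
    return problems


# Constructed report resembling the one described in the thread: ten open
# ports (assumed one point each), every encryption item at 0, yet the
# Encryption category displayed as 3.
FINDINGS = {
    "Attack Surface": {"open_ports": 10},
    "Encryption": {"weak_cipher": 0, "expired_cert": 0, "ssl_v3": 0},
    "Exposed Services": {"telnet": 0},
}
DISPLAYED = {"Attack Surface": 2, "Encryption": 3, "Exposed Services": 0}

if __name__ == "__main__":
    print("score:", final_score(FINDINGS))
    print("inconsistent categories:", audit_report(FINDINGS, DISPLAYED))
```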
Reminds me of stuff from Bitsight Tech except they use a proprietary algorithm to rate and give a rating on Organization basis which may have a lot of IPv4/v6 blocks.
Also, Censys.io (discounting shodan & zoomeye).
Wow, I am amazed. Was actually expecting to be bombarded with false positives when I proxy via one of my servers to check that IP - but 0/100 all the time so far.
I report any scanning done against my IPs. I do not know what the intentions of the scanner are. People trying to make money making a product that scans my IPs and wastes bandwidth and computing resources that I have to pay for should be jailed in my humble opinion.