Show HN: TunnelMind – reputation API for IPs, ASNs, and ad-tech supply chains
tunnelmind.aiI'm a network engineer that likes to think about the future of the internet and this is what I've built over many nights and weekends. One reputation graph over IPs, ASNs, domains, and entities, exposed as a JSON API. Try it:
curl https://api.tunnelmind.ai/v1/check/1.1.1.1
Reputation is subjective and subject to abuse. You need cold hard facts. Intelligence. Also, don't talk BGP to people you don't know and don't forget to maintain your human network. Your regional RIR can help with this.
hmmm. TunnelMind is not actually in the routing path or peering with anyone, observes route origin + RPKI to judge whether a destination's routing checks out, alongside other signals.
How much traffic are you prepared to handle with this site?
Also, do you plan to support IPv6?
Great questions. It’s built on cloudflare so it should scale. Every endpoint is dual-stack today.
My question about IPv6 was related to using an IPv6 address in a query, not making a query from an IPv6 client.
Gotcha, it can't today, but I am going to start working on it.
Quite interesting, but what is your selling point vs say ipinfo.io?
To maintain this sort of service you need access to vast scale of intelligence. Do you have it?
I work for IPinfo. We do not provide reputation scoring, by the way. Reputation is such a subjective matter.
It would be easy for us to make a very quick sales if we start offering reputation scoring, but we, as a company, would rather support fraud detection, threat intelligence and bot detection services with raw data from us.
In fact, the 1400 servers we operate for internet measurement all have very sophisticated honeypots baked into them, but still, we have not productized that data. In our experience of the fast-moving world of IP addresses, reputation scoring, even with the best intentions, can introduce some downsides. We can do many things which will be better than most things out there, but we have to really balance the consequences of our product.
Thank you for your work and insights. I am a very satisfied paid user for many years. Keep up the good work!
Appreciate the balanced view as well.
Reputation scoring is useless metrics IMHO exactly for reasons you stated - risk appetite and risk model are generally different for everyone. We actually do have IP scoring build on datapoints we have + what ipinfo API gives us. This is tuned to specific projects and practically useless for anyone else.
One of practical point for OP is perhaps to consider an PoV that providing this sort of service will require a lot of intelligence collected from many sources, which OP may not have at this point. Even 1400 servers probably cover limited scope.
After I read your question I thought other people would wonder the same thing and I already had some ideas about greynoise. I'm going to go ahead and add this to the site for other people. Thanks. https://tunnelmind.ai/compare
Thank you for sharing it.
> GreyNoise tells you whether an IP is internet-background scanning noise.
My somewhat poorly expressed point was that to make a decision whether IP is or isn't a "internet-background scanning noise" (btw how would you define that?) you need to have access to substantial volume of data. And also how the decision is made remains unclear. If some sysadmin on legitimate node does network scan to investiage something and you catch it - will it become positive "internet-background scanning noise"?