Simplewall: WhoIs or Google link for IP addresses in notification

Created on 7 Jan 2019 · 9 Comments · Source: henrypp/simplewall

Hey,

just a little feature request to look up unknown IP addresses with Google or WhoIs etc. in the Notification window (clicking on the IP opens the browser etc.).

feature

All 9 comments

Why do you want to sell your data to Google? No, that's a bad idea.

Yeah, I should better follow the cable to find out who owns the IP :D

I agree with @Dark-Noir, I think a link to a service like ipinfo.io (or similar) would be useful. No information is sent by just displaying a link, so I don't see the issue. Could even be configurable by the user to use whatever service they want (or none at all).

Using Startpage would be much better for starters. ipinfo is a good service as well.

A harmful service or a service that collects statistics (which is the same) can rent any IP address, and your whois is useless. But the whois service will be able to collect statistics itself. In general, not a good idea. A good idea would be to make a list of connections, active, listening and open ports like in TCPView from Sysinternals.

@rextheleopard I don't think [being able to] "rent any ip address" (lol) has anything to do with this. A malicious actor cannot own an IP address that resides in a corporate ASN (short of a hosting service like Azure or similar), obviously, so whois lookups are far from useless. If the lookup shows some random IP (consumer level ISP, offshore hosting, etc) then it warrants further investigation. Whois lookups are to make that determination.

And tbh, while I obviously can't speak for henrypp, an active port viewer seems outside the scope of simplewall as I don't believe there is any way to do it using WFP. It would need to be made from scratch, which sounds like a waste of time considering there are already tons of tools that do this such as CurrPorts, Process Hacker, and TCPView as you mention. Has nothing to do with this issue anyway.

I for one really want this feature. Frankly, I would like it to be automatic: don't even make me click to see who owns public IPs. The Simplewall UI should at a minimum display country of public IPs.

No one is suggesting this would be enabled by default or not be configurable. To all those complaining that they don't want to be tracked, don't use this feature.

For now you can try enabling 'resolve network addresses', it can sometimes give you good info.
capture

Here it means nothing, I know. But sometimes it shows considerable info (when the host name and domain name are the same or similar).
