Show HN: TunnelMind – reputation API for IPs, ASNs, and ad-tech supply chains

Posted by o2k 6 days ago

Counter9Comment11OpenOriginal

I'm a network engineer that likes to think about the future of the internet and this is what I've built over many nights and weekends. One reputation graph over IPs, ASNs, domains, and entities, exposed as a JSON API. Try it:

  curl https://api.tunnelmind.ai/v1/check/1.1.1.1
Every answer is a signed receipt with an attestation tier so you can see what was produced and how your agents can use it. The protocol is opensource. Try it out let me know what you think and yes I am still working on the radar section of the site. Also What would make this useful for you?

Comments

Comment by coretx 5 days ago

Reputation is subjective and subject to abuse. You need cold hard facts. Intelligence. Also, don't talk BGP to people you don't know and don't forget to maintain your human network. Your regional RIR can help with this.

Comment by o2k 5 days ago

hmmm. TunnelMind is not actually in the routing path or peering with anyone, observes route origin + RPKI to judge whether a destination's routing checks out, alongside other signals.

Comment by jesterson 5 days ago

Quite interesting, but what is your selling point vs say ipinfo.io?

To maintain this sort of service you need access to vast scale of intelligence. Do you have it?

Comment by reincoder 5 days ago

I work for IPinfo. We do not provide reputation scoring, by the way. Reputation is such a subjective matter.

It would be easy for us to make a very quick sales if we start offering reputation scoring, but we, as a company, would rather support fraud detection, threat intelligence and bot detection services with raw data from us.

In fact, the 1400 servers we operate for internet measurement all have very sophisticated honeypots baked into them, but still, we have not productized that data. In our experience of the fast-moving world of IP addresses, reputation scoring, even with the best intentions, can introduce some downsides. We can do many things which will be better than most things out there, but we have to really balance the consequences of our product.

Comment by jesterson 4 days ago

Thank you for your work and insights. I am a very satisfied paid user for many years. Keep up the good work!

Appreciate the balanced view as well.

Reputation scoring is useless metrics IMHO exactly for reasons you stated - risk appetite and risk model are generally different for everyone. We actually do have IP scoring build on datapoints we have + what ipinfo API gives us. This is tuned to specific projects and practically useless for anyone else.

One of practical point for OP is perhaps to consider an PoV that providing this sort of service will require a lot of intelligence collected from many sources, which OP may not have at this point. Even 1400 servers probably cover limited scope.

Comment by o2k 5 days ago

[dead]

Comment by o2k 5 days ago

After I read your question I thought other people would wonder the same thing and I already had some ideas about greynoise. I'm going to go ahead and add this to the site for other people. Thanks. https://tunnelmind.ai/compare

Comment by jesterson 4 days ago

Thank you for sharing it.

> GreyNoise tells you whether an IP is internet-background scanning noise.

My somewhat poorly expressed point was that to make a decision whether IP is or isn't a "internet-background scanning noise" (btw how would you define that?) you need to have access to substantial volume of data. And also how the decision is made remains unclear. If some sysadmin on legitimate node does network scan to investiage something and you catch it - will it become positive "internet-background scanning noise"?

Comment by anonymousiam 5 days ago

How much traffic are you prepared to handle with this site?

Also, do you plan to support IPv6?

Comment by o2k 5 days ago

Great questions. It’s built on cloudflare so it should scale. Every endpoint is dual-stack today.

Comment by anonymousiam 5 days ago

My question about IPv6 was related to using an IPv6 address in a query, not making a query from an IPv6 client.

Comment by o2k 5 days ago

Gotcha, it can't today, but I am going to start working on it.

Comment by 5 days ago