The majority of Team Cymru’s daily efforts go towards building and maintaining a number of security threat intelligence services for the community — we have more than 60 free community service tools, including the popular IP-to-ASN lookup service.
Our latest community service tool is our Know-Your-IP Heatmap, and we’d love to get your input on it.
New tool identifies infected IP
This new service searches our database of known infections to see if the IP address you are using has been seen misbehaving: it might have been part of a botnet, detected as an improperly configured DNS recursive server, observed trying to brute-force a site, seen as an abused proxy, or it might even have popped up probing one of our Darknet experiments.
Whatever the case may be, if your IP address appears here as infected, you have an issue that needs to be addressed.
Not only does this new service identify whether your IP address is infected, it also provides some helpful hints to help you clean your machines. In addition, it displays a heatmap detailing where we think you are and how ‘hot’ your vicinity is in terms of other infections. We also rank the country you are in against other countries and show the trends over the past month.
Of course, there are some caveats here. Just because your IP is not listed as infected, that does not mean that you are entirely safe — all it means is that we have not seen your IP address as being infected in the past 30 days.
These numbers are based on what we see; other folks have a slightly different perspective of malicious activity on the Internet, so their numbers will be different. However, the general trends and relative standings ought to be broadly similar.
Contribute to make the Internet more secure
We build and maintain all these various community services for two reasons:
- Many of our free tools have become central to the InfoSec community. These tools deliver accurate and timely performance. If these tools were not available, it is likely that the miscreants we all battle every day would be a little more successful.
- These tools mean that folks learn about Team Cymru, and they come to trust us. This makes them more likely to want to partner with us and share data back into the community tools that we provide.
This new tool, we hope, will show you what you can get out of partnering with us in our no-cost community endeavours. You win, your users win, and our community wins as well. In fact, the only folks that lose are the miscreants we are fighting together.
Please feel free to share the tool with your colleagues and reach out to us at outreach@cymru.com if you have any comments or questions.
Steve Santorelli (@stevesantorelli) is Director of Analysis and Outreach at Team Cymru (@teamcymru).
Thanks for the post. I certainly found the tool most useful. I tested 4 different systems (I control 3 of them) and they all checked out OK.
Nice tool, well done guys. I’m wondering if you can provide some sort of API to retrieve this data for an IP range?
no IPv6?