Skynet What's Up?

[bluepoint]

Did we break AlienVault or firehol?

Last 20 Unique Connections Blocked (Inbound);


--------------       | --------------                                          | --------------                                | ----------------------           
| IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |           
--------------       | --------------                                          | --------------                                | ----------------------           

185.153.197.142 (MD) | https://otx.alienvault.com/indicator/ip/185.153.197.142 | BanMalware: firehol_level3.netset*            |                                  
74.120.14.24    (US) | https://otx.alienvault.com/indicator/ip/74.120.14.24    | BanMalware: firehol_level3.netset*            |                                  
194.147.140.76  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.76  | BanMalware: firehol_level3.netset*            |                                  
193.27.229.219  (RU) | https://otx.alienvault.com/indicator/ip/193.27.229.219  | BanMalware: firehol_level2.netset*            |                                  
194.147.140.80  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.80  | BanMalware: firehol_level3.netset*            |                                                    
162.142.125.17  (US) | https://otx.alienvault.com/indicator/ip/162.142.125.17  | BanMalware: firehol_level2.netset             |                                  
94.102.51.17    (NL) | https://otx.alienvault.com/indicator/ip/94.102.51.17    | BanMalware: normshield_high_attack.ipset      |                                  
83.97.20.31     (RO) | https://otx.alienvault.com/indicator/ip/83.97.20.31     | BanMalware: normshield_high_bruteforce.ipset  |                                  
194.147.140.94  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.94  | BanMalware: firehol_level3.netset*            |                                                    
104.206.128.14  (US) | https://otx.alienvault.com/indicator/ip/104.206.128.14  | BanMalware: firehol_level3.netset             |                                  
194.147.140.48  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.48  | BanMalware: firehol_level3.netset*            |                                  
194.147.140.103 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.103 | BanMalware: firehol_level3.netset*            |                                  
194.147.140.97  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.97  | BanMalware: firehol_level3.netset*            |                                                    
194.147.140.106 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.106 | BanMalware: firehol_level3.netset*            |                                  
194.147.140.98  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.98  | BanMalware: firehol_level3.netset*            |                                                    
162.142.125.27  (US) | https://otx.alienvault.com/indicator/ip/162.142.125.27  | BanMalware: firehol_level3.netset*            |                                  
194.147.140.68  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.68  | BanMalware: firehol_level3.netset*            |                                  
194.147.140.107 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.107 | BanMalware: firehol_level3.netset*            |                                  
167.71.186.157  (US) | https://otx.alienvault.com/indicator/ip/167.71.186.157  | BanMalware: firehol_level3.netset             |                                  
194.147.140.66  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.66  | BanMalware: firehol_level3.netset*            |

 

[dave14305]

Exceeded the db-ip.com threshold. Browse here to see queries remaining.

https://api.db-ip.com/v2/free/

{
    "queriesLeft": 1000
}

 

[bluepoint]

Exceeded the db-ip.com threshold. Browse here to see queries remaining.

https://api.db-ip.com/v2/free/

{
    "queriesLeft": 1000
}

Thanks @dave14305, are these user queries?

 

[dave14305]

Thanks @dave14305, are these user queries?

It’s what does the country lookup. Maybe turn it off in settings.

 

[bluepoint]

It’s what does the country lookup. Maybe turn it off in settings.

I always wonder what country lookup is? What will I miss if country lookup is disabled?

NVM I think I have an idea of what it is, I'll experiment.

 

[nunomgsantos]

Hi,

I have the same problem now.

Any ideas to resolve this?

 

[Tech9]

Any ideas to resolve this?

Read the posts above.

 

[Sonyrolfy]

Im testing nextdns (DOT servers) In the logs

api.db-ip.com

is blocked continuously. Do i need to unblock it when working with Skynet. Just to be shure. Tnx!

EDIT:
Got IT: Skynet uses that site so it is part of the shared whitelist between Diversion and Skynet.

 

[SomeWhereOverTheRainBow]

Im testing nextdns (DOT servers) In the logs

api.db-ip.com

is blocked continuously. Do i need to unblock it when working with Skynet. Just to be shure. Tnx!

EDIT:
Got IT: Skynet uses that site so it is part of the shared whitelist between Diversion and Skynet.

Here is everything skynet whitelists to prevent "breakage"

ipdeny.com
ipapi.co
api.db-ip.com
api.bgpview.io
asn.ipinfo.app
speedguide.net
otx.alienvault.com
github.com
raw.githubusercontent.com
iplists.firehol.org
astrill.com
strongpath.net
snbforums.com
bin.entware.net
nwsrv-ns1.asus.com

 

[SomeWhereOverTheRainBow]

Did we break AlienVault or firehol?

Last 20 Unique Connections Blocked (Inbound);


--------------       | --------------                                          | --------------                                | ----------------------          
| IP Address |       | | AlienVault |                                          | | Ban Reason |                                | | Associated Domains |          
--------------       | --------------                                          | --------------                                | ----------------------          

185.153.197.142 (MD) | https://otx.alienvault.com/indicator/ip/185.153.197.142 | BanMalware: firehol_level3.netset*            |                                 
74.120.14.24    (US) | https://otx.alienvault.com/indicator/ip/74.120.14.24    | BanMalware: firehol_level3.netset*            |                                 
194.147.140.76  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.76  | BanMalware: firehol_level3.netset*            |                                 
193.27.229.219  (RU) | https://otx.alienvault.com/indicator/ip/193.27.229.219  | BanMalware: firehol_level2.netset*            |                                 
194.147.140.80  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.80  | BanMalware: firehol_level3.netset*            |                                                   
162.142.125.17  (US) | https://otx.alienvault.com/indicator/ip/162.142.125.17  | BanMalware: firehol_level2.netset             |                                 
94.102.51.17    (NL) | https://otx.alienvault.com/indicator/ip/94.102.51.17    | BanMalware: normshield_high_attack.ipset      |                                 
83.97.20.31     (RO) | https://otx.alienvault.com/indicator/ip/83.97.20.31     | BanMalware: normshield_high_bruteforce.ipset  |                                 
194.147.140.94  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.94  | BanMalware: firehol_level3.netset*            |                                                   
104.206.128.14  (US) | https://otx.alienvault.com/indicator/ip/104.206.128.14  | BanMalware: firehol_level3.netset             |                                 
194.147.140.48  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.48  | BanMalware: firehol_level3.netset*            |                                 
194.147.140.103 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.103 | BanMalware: firehol_level3.netset*            |                                 
194.147.140.97  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.97  | BanMalware: firehol_level3.netset*            |                                                   
194.147.140.106 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.106 | BanMalware: firehol_level3.netset*            |                                 
194.147.140.98  ({
    "errorCode": "OVER_QUERY_LIMIT",
    "error": "maximum number of queries per day exceeded"
}) | https://otx.alienvault.com/indicator/ip/194.147.140.98  | BanMalware: firehol_level3.netset*            |                                                   
162.142.125.27  (US) | https://otx.alienvault.com/indicator/ip/162.142.125.27  | BanMalware: firehol_level3.netset*            |                                 
194.147.140.68  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.68  | BanMalware: firehol_level3.netset*            |                                 
194.147.140.107 (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.107 | BanMalware: firehol_level3.netset*            |                                 
167.71.186.157  (US) | https://otx.alienvault.com/indicator/ip/167.71.186.157  | BanMalware: firehol_level3.netset             |                                 
194.147.140.66  (NL) | https://otx.alienvault.com/indicator/ip/194.147.140.66  | BanMalware: firehol_level3.netset*            |

Exceeded the db-ip.com threshold. Browse here to see queries remaining.

https://api.db-ip.com/v2/free/

{
    "queriesLeft": 1000
}

@bluepoint were you playing around with the firewall again? how did you hit the ratelimit? Idk If I have ever seen that being done on here.

 

[SomeWhereOverTheRainBow]

@dave14305 do you know of any other APIs that might not have this limitation?

https://ipinfo.io/${ip}/country

But I don't know if they have a ratelimit and it doesn't list full country name, just the country code.

curl -s http://ip-api.com/json/${ip} | awk -F '[:,]' '/"country"/ {gsub(/"/, "", $4); print $4}'

Returns just the country name, but that isn't over a secure connection.

Here is another, but Idk its accuracy in comparison to ipinfo.io.

curl -sSL https://api.hostip.info/get_json.php?ip=${ip} | awk -F '[:,]' '/"country_name"/ {gsub(/"/, "", $2); print $2}'

for ip in 194.147.140.80 194.147.140.94 194.147.140.97 194.147.140.98; do curl -sSL https://api.hostip.info/get_json.php?ip=$ip | awk -F '[:,]' '/"country_name"/ {gsub(/"/, "", $2); print $2}'; done
SWITZERLAND
SWITZERLAND
SWITZERLAND
SWITZERLAND


for ip in 194.147.140.80 194.147.140.94 194.147.140.97 194.147.140.98; do curl -sSL https://api.hostip.info/get_json.php?ip=$ip | awk -F '[:,]' '/"country_code"/ {gsub(/"/, "", $4); print $4}'; done
CH
CH
CH
CH

As you can see, I question the accuracy of api.hostip.info because the API skynet uses produces much different results.

for ip in 194.147.140.80 194.147.140.94 194.147.140.97 194.147.140.98; do curl -sSL https://ipinfo.io/${ip}/country; done
UA
UA
UA
UA

After some research, https://ipinfo.io/${ip}/country does ratelimit after 50,000 queries. It allows 50,000 free lookups per day, but does not offer listing full countries name, just the code.

 

[dave14305]

do you know of any other APIs that might not have this limitation?

No, there has always been a dance between Skynet and these free services where they stop working, or start rate-limiting and Adamm has to find a new one. I don’t think this is much of an issue in this 2.5 year old thread.

 

[SomeWhereOverTheRainBow]

No, there has always been a dance between Skynet and these free services where they stop working, or start rate-limiting and Adamm has to find a new one. I don’t think this is much of an issue in this 2.5 year old thread.

I agree, I havent personally queried this API enough to have to worry about this being an issue. I am curious about the steps the OP took to discover this ratelimit. I am under the impression, that the average user through normal use would not hit the ratelimit.

 

[Sonyrolfy]

Here is everything skynet whitelists to prevent "breakage"

ipdeny.com
ipapi.co
api.db-ip.com
api.bgpview.io
asn.ipinfo.app
speedguide.net
otx.alienvault.com
github.com
raw.githubusercontent.com
iplists.firehol.org
astrill.com
strongpath.net
snbforums.com
bin.entware.net
nwsrv-ns1.asus.com

Thanks a bunch, in the whitelist !

 

[bluepoint]

@bluepoint were you playing around with the firewall again? how did you hit the ratelimit? Idk If I have ever seen that being done on here.

I had forgotten what happened then it's been 2+ years since and I no longer use skynet.