henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

WhoIs or Google link for IP addresses in notification #298

Closed Dark-Noir closed 1 year ago

Dark-Noir commented 5 years ago

Hey,

just a little feature request to look up unknown IP addresses with Google or WhoIs etc. in the Notification window (clicking on the IP opens the browser etc.).

beerisgood commented 5 years ago

Why do you want to sell your data to Google? No, that's a bad idea.

Dark-Noir commented 5 years ago

Yeah, I should better follow the cable to find out who owns the IP :D

ghost commented 5 years ago

I agree with @Dark-Noir, I think a link to a service like ipinfo.io (or similar) would be useful. No information is sent by just displaying a link, so I don't see the issue. Could even be configurable by the user to use whatever service they want (or none at all).

pwn0r commented 5 years ago

Using Startpage would be much better for starters. ipinfo is a good service as well.

rextheleopard commented 5 years ago

A harmful service, or a service that collects statistics (which is the same), can rent any IP addresses, and your whois is useless. But the whois service will be able to collect statistics itself. In general, not a good idea. A good idea would be to make a list of connections, active, listening and open ports, like in TCPView from Sysinternals.

ltguillaume commented 5 years ago

+1 obviously https://github.com/henrypp/simplewall/issues/68

ghost commented 5 years ago

@rextheleopard I don't think [being able to] "rent any ip address" (lol) has anything to do with this. A malicious actor cannot own an IP address that resides in a corporate ASN (short of a hosting service like Azure or similar), obviously, so whois lookups are far from useless. If the lookup shows some random IP (consumer-level ISP, offshore hosting, etc.) then it warrants further investigation. Whois lookups are to make that determination.

And tbh, while I obviously can't speak for henrypp, an active port viewer seems outside the scope of simplewall as I don't believe there is any way to do it using WFP. It would need to be made from scratch, which sounds like a waste of time considering there are already tons of tools that do this such as CurrPorts, Process Hacker, and TCPView as you mention. Has nothing to do with this issue anyway.

cinderblock commented 5 years ago

I for one really want this feature. Frankly, I would like it to be automatic: don't even make me click to see who owns public IPs. The Simplewall UI should at a minimum display country of public IPs.

No one is suggesting this would be enabled by default or not be configurable. To all those complaining that they don't want to be tracked, don't use this feature.
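An added example, not part of the thread and not simplewall's code: a sketch of the opt-in, user-configurable lookup link suggested above, shown only for public IPs. The function name, the `{ip}` template syntax and the `lookup.example` URL are assumptions; the code builds a string and sends nothing, so the address reaches the chosen service only when the link is opened.

```python
import ipaddress
from urllib.parse import quote

# Hypothetical user setting: URL template with an {ip} placeholder, or None.
DEFAULT_TEMPLATE = None                           # off unless the user opts in
SAMPLE_TEMPLATE = "https://lookup.example/{ip}"   # constructed placeholder service


def lookup_link(remote_addr, template=DEFAULT_TEMPLATE):
    """Return a lookup URL for a public remote address, or None for no link."""
    # Disabled, or a template that would not carry the address at all.
    if not template or "{ip}" not in template:
        return None
    # Only HTTPS targets: the address should not travel in cleartext.
    if not template.lower().startswith("https://"):
        return None
    # Accept bare or bracketed addresses; drop an IPv6 zone id (fe80::1%eth0).
    text = remote_addr.strip().strip("[]").split("%")[0]
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return None                               # not an IP: never build a URL
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address inside it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Private, loopback, link-local, CGNAT and reserved ranges have no
    # meaningful whois owner, and looking them up would only leak internal
    # addressing to a third party.
    if not ip.is_global:
        return None
    # Percent-encode so the address cannot alter the URL structure.
    return template.replace("{ip}", quote(str(ip), safe=""))


if __name__ == "__main__":
    # Constructed sample remote addresses, as they might appear in a notification.
    for addr in ["8.8.8.8", "192.168.1.10", "::ffff:10.0.0.5",
                 "2001:4860:4860::8888", "fe80::1%eth0", "not-an-ip"]:
        print(f"{addr:24} -> {lookup_link(addr, SAMPLE_TEMPLATE)}")
```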

TontyTon commented 5 years ago

For now you can try enabling 'resolve network addresses', it can sometimes give you good info.

[Screenshot: capture]

Here it means nothing, I know. But sometimes it shows considerable info (when host name and domain name are the same or similar).