Comment on Networking: icanhazip.com
non_burglar@lemmy.world 1 day ago
The back story of icanhazip is OK, but I want to know where you picked it up in your logs… Incoming on edge? Something in your network dialing out?
Comment on Networking: icanhazip.com
non_burglar@lemmy.world 1 day ago
The back story of icanhazip is OK, but I want to know where you picked it up in your logs… Incoming on edge? Something in your network dialing out?
Suricata picked it up on the LAN side. I haven’t done an in depth review, but I am suspecting that SpeedTest Tracker is using icanhazip.com and ifconfig.co to check my ip and find the most appropriate test server. It’s on the list tho. For now I have them blocked and nothing seems to complain about it.
Image
non_burglar@lemmy.world 1 day ago
Could be.
Speedtest (the ookla one) uses a bunch of traceroute and compares hops to pick a peering point, but they display your public IP on the test page and probably use some icanhzip or other service to know that. It should come as no surprise to you that most north American ISPs pay Ookla to prefer peering points in which they have a heavy presence.
Icanhazip is an older service, I’m surprised cloudflare didn’t just kill it, they built their own when they were standing up 1.1.1.1.
Could also be some other tooling on your lan built before the Claude days.
I think I found the source of the icanhazip.com block. From the Github Issues page: