Problem with WHOIS in proxy environment #68
Comments
|
would love this feature as well... |
|
+1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
|
would love this feature as well... |
|
+1 |
(I am using Graylog v2.4.0-beta.1.)
I’m trying to use the WHOIS from the Threat Intelligence plugin. Mostly the plugin tries to access the servers of ARIN.
HTTP proxy is set and works for all other parts of the Threat Intelligence plugin.
The main problem is that WHOIS uses its own protocol and not the http protocol.
During the analysis it turned out that Whois (tcp/43) does not use the proxy settings from the server.conf file but tries to communicate directly with the target servers. Both netstat and a wireshark trace show this behavior.
Is there an option to access the whois service via a SOCKS proxy server? I can’t access the whois service directly, I have to use a proxy server - there are no direct routes to the internet. Unfortunately, I can’t find any options in the settings. It would be great if this option were available.
Or...
there is an option to use a REST interface to make the WHOIS query. Maybe that would be an option for the future, then I would make a feature request.
https://www.arin.net/resources/whoisrws/
https://www.arin.net/resources/whoisrws/whois_api.html
This would solve the problem with the http proxy,
The text was updated successfully, but these errors were encountered: