Problem with WHOIS in proxy environment #68
Comments
would love this feature as well...
+1
(I am using Graylog v2.4.0-beta.1.)
I’m trying to use the WHOIS from the Threat Intelligence plugin. Mostly the plugin tries to access the servers of ARIN.
HTTP proxy is set and works for all other parts of the Threat Intelligence plugin.
The main problem is that WHOIS uses its own protocol and not the HTTP protocol.
During the analysis it turned out that WHOIS (tcp/43) does not use the proxy settings from the server.conf file but tries to communicate directly with the target servers. Both netstat and a Wireshark trace show this behavior.
Is there an option to access the whois service via a SOCKS proxy server? I can’t access the whois service directly, I have to use a proxy server - there are no direct routes to the internet. Unfortunately, I can’t find any options in the settings. It would be great if this option were available.
Or...
there is an option to use a REST interface to make the WHOIS query. Maybe that would be an option for the future, then I would make a feature request.
https://www.arin.net/resources/whoisrws/
https://www.arin.net/resources/whoisrws/whois_api.html
This would solve the problem with the http proxy,
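
Added example, not part of the original issue and not Graylog's code: a WHOIS query on tcp/43 carried through a no-authentication SOCKS5 proxy, the transport the issue asks about. The function names and the proxy host and port passed in are assumptions for illustration.

```python
import socket
import struct

def _recv_exact(sock, n):
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection during the handshake")
        buf += chunk
    return buf

def whois_via_socks5(proxy_host, proxy_port, whois_host, query, whois_port=43, timeout=10.0):
    """Send one WHOIS query (RFC 3912) through a no-auth SOCKS5 proxy (RFC 1928)."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single line")  # no smuggled second request
    name = whois_host.encode("idna")
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        # Greeting: version 5, one method offered, 0x00 = no authentication.
        s.sendall(b"\x05\x01\x00")
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        # CONNECT with ATYP 0x03 (domain name) so the proxy resolves the name;
        # a host without direct routes often has no external DNS either.
        s.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                  + struct.pack(">H", whois_port))
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Drain the bound address (IPv4, IPv6 or length-prefixed name) and port.
        alen = {1: 4, 4: 16}.get(atyp)
        if atyp == 3:
            alen = _recv_exact(s, 1)[0]
        if alen is None:
            raise ConnectionError(f"unknown address type {atyp} in proxy reply")
        _recv_exact(s, alen + 2)
        # WHOIS itself: one query line ending in CRLF; the server answers and closes.
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")
```

With this transport the only outbound flow from the log server is to the SOCKS proxy, so WHOIS lookups can be permitted and logged at the proxy rather than by opening tcp/43 to the internet.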