(I am using Graylog v2.4.0-beta.1.)
I’m trying to use the WHOIS from the Threat Intelligence plugin. Mostly the plugin tries to access the servers of ARIN.
HTTP proxy is set and works for all other parts of the Threat Intelligence plugin.
The main problem is that WHOIS uses its own protocol and not the HTTP protocol.
During the analysis it turned out that Whois (tcp/43) does not use the proxy settings from the server.conf file but tries to communicate directly with the target servers. Both netstat and a Wireshark trace show this behavior.
Is there an option to access the whois service via a SOCKS proxy server? I can’t access the whois service directly, I have to use a proxy server - there are no direct routes to the internet. Unfortunately, I can’t find any options in the settings. It would be great if this option were available.
Or...
there is an option to use a REST interface to make the WHOIS query. Maybe that would be an option for the future, then I would make a feature request.
https://www.arin.net/resources/whoisrws/
https://www.arin.net/resources/whoisrws/whois_api.html
This would solve the problem with the http proxy,
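An added example, not part of the original post and not Graylog or plugin code: a standalone Python check that sends a WHOIS query (tcp/43, RFC 3912) through a SOCKS5 proxy (RFC 1928), which can confirm from the Graylog host that the proxy route permits WHOIS at all. It assumes a proxy that accepts unauthenticated SOCKS5 and resolves the hostname itself; `proxy_host` and `proxy_port` are placeholders, and `whois.arin.net` is used as the default server.

```python
import socket
import struct

def _recv_exact(sock, n):
    """Read exactly n bytes or fail; SOCKS5 replies are fixed-layout."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """RFC 1928 CONNECT by hostname, no authentication, over a connected socket."""
    sock.sendall(b"\x05\x01\x00")                      # ver 5, 1 method, no-auth
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    name = host.encode("idna")
    sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                 + struct.pack(">H", port))            # CONNECT, ATYP=domain
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT rejected, reply code {rep}")
    if atyp == 3:
        addr_len = _recv_exact(sock, 1)[0]
    elif atyp in (1, 4):
        addr_len = 4 if atyp == 1 else 16
    else:
        raise ConnectionError(f"unknown address type {atyp} in proxy reply")
    _recv_exact(sock, addr_len + 2)                    # discard bound addr + port

def whois_query(sock, query):
    """RFC 3912: send one line ending in CRLF, read until the server closes."""
    sock.sendall(query.encode("ascii") + b"\r\n")
    chunks = []
    while True:
        data = sock.recv(4096)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def whois_via_socks5(proxy_host, proxy_port, query,
                     server="whois.arin.net", timeout=10):
    """proxy_host/proxy_port are placeholders for your own SOCKS5 proxy."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        socks5_connect(s, server, 43)
        return whois_query(s, query)
```

A reply code other than 0 in the raised error comes from the proxy itself (for example a ruleset that blocks port 43), which separates a proxy policy problem from a WHOIS server problem.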