000011937 - Whois and SilverTail

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011937
IssueWhois and SilverTail
Whois lookup is performed from the UIServer node.
We need port 43 (whois) and 4321 (rwhois) opened outbound for the lookups to work. We understand this could be a security concern for some clients. Below is a technical explanation on jwhois and why we need outbound for port 43 and 4321. 

Jwhois contains a seed list of where to go to lookup a specific address in /etc/jwhois.conf which firewall holes can be specifically opened to.
addition, jwhois also supports rwhois, where one server can redirect you to another (normally more specific) server for a particular address.
In that 
case, the more specific server could be anywhere on the internet. rwhois uses port 4321 (although occasionally it also uses port 43)
Legacy Article IDa61773