[Rtir] A couple of questions

Gorazd Bozic gorazd.bozic at arnes.si
Thu Sep 9 05:10:24 EDT 2004

Natasa Glavor wrote:

> Here they are:
> * how do we adjust RTIR to make queries to different custom databases
> instead of the default whois querying?

Hi Natasa,

We solved this by setting up our own simple whois server (or you might 
call it a whois wrapper). The whois protocol is really simple: connect 
to the server, send a single line query (usually an IP address) and read 
back the response. If it is run from inetd.conf, you read from stdin and 
write results to stdout, so it doesn't need any networking stuff.

For instance, you create a simple perl script:


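#!/usr/bin/perl

$request = <STDIN>;
exit 0 unless defined $request;
$request =~ s/\r?\n\z//;    # strip the CRLF that ends a whois query

if ($request =~ /... some pattern .../) {
    # Based on value in query string, you can decide whether to query
    # any locally available information.
}

# List form of system() runs whois directly, without a shell, so shell
# metacharacters in the query are never interpreted; "--" ends options.
system("whois", "--", $request);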

If you name this script for instance "whois_wrapper", put the following 
(or modify) in /etc/inetd.conf:

nicname stream  tcp     nowait  root /usr/local/bin/whois_wrapper 

You can of course extend the perl script to perform all kinds of local 
magic information digging. For instance, we check whether the IP is in 
our constituency and then access MySQL databases via perl DBI module to 
gather detailed information on our customer.

Hope this helps,

Gorazd Bozic <gorazd.bozic at arnes.si>
ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 88 22, fax: +386 1 479 88 99
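
The wrapper described in the message above, carried through as an added example that is not part of the original post or of RTIR. The address ranges and customer records are constructed sample data, and the in-memory table stands in for the MySQL/DBI lookup the message mentions; the character whitelist for queries is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for the customer database.
my %CUSTOMERS = (
    '192.0.2.0/24'    => "customer: Example Faculty\nabuse-c:  abuse\@faculty.example",
    '198.51.100.0/25' => "customer: Example Library\nabuse-c:  noc\@library.example",
);

# Return an IPv4 address as an integer, or undef if it is not a dotted quad.
sub ip_to_int {
    my ($ip) = @_;
    my @o = ($ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/) or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Find the record whose CIDR range contains the address, if any.
sub local_record {
    my ($addr) = @_;
    for my $cidr (sort keys %CUSTOMERS) {
        my ($net, $bits) = split m{/}, $cidr;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return $CUSTOMERS{$cidr} if ($addr & $mask) == (ip_to_int($net) & $mask);
    }
    return;
}

my $request = <STDIN> // '';
$request =~ s/\r?\n\z//;    # whois queries end in CRLF

# Assumed whitelist: characters found in IPs, AS numbers, handles and
# domain names; a leading "-" is refused so it cannot be read as an option.
if ($request !~ /\A[A-Za-z0-9][A-Za-z0-9.:_-]{0,254}\z/) {
    print "% invalid query\r\n";
    exit 0;
}

my $addr   = ip_to_int($request);
my $record = defined $addr ? local_record($addr) : undef;
if (defined $record) {
    print "% local constituency record\n$record\n";
} else {
    # List form: whois is started directly, with no shell to interpret the query.
    exec('whois', '--', $request) or print "% could not run whois client\n";
}
```

Nothing in this script needs root, so the inetd.conf entry that launches it can name an unprivileged user.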
