I have installed the IP Reputation App in my Splunk server which is behind a firewall. I have allowed port 54 for DNS resolution, but the Threatscore is still 0. May I know if there are other ports I need to open for the app to work?
Thank you.
Hi Leo,
usually not. it's going over DNS Protocol.
If you check directly with from your Splunk Server a lookup: abcdefghijkl.2.1.9.127.dnsbl.httpbl.org you should get 127.3.5.1 back.
API Documentation: https://www.projecthoneypot.org/httpbl_api.php
The lookup script is in the app directory /bin/scorelookup.py and calls the socket.gethostbyname command.
`dns_response = socket.gethostbyname($dns_query)`
br
Matthias