Graylog2 / graylog-plugin-threatintel

Graylog Processing Pipeline functions to enrich log messages with IoC information from threat intelligence databases

Tor_lookup Always returns false

ion-storm opened this issue

Please see https://github.com/Graylog2/graylog2-server/issues/4539

I can confirm: tor_lookup always fails. Also, when you query the dataset it does not return true when found; it returns what looks like a hash.

Tor successful lookup (not returning true):

{
  "single_value": "D83665AF257FD05C4687897815233FD52A8E9829",
  "multi_value": {
    "node_ids": [
      "D83665AF257FD05C4687897815233FD52A8E9829"
    ]
  },
  "ttl": 9223372036854776000,
  "empty": false
}
Abuse.CH successful lookup:
{
  "single_value": true,
  "multi_value": {
    "value": true
  },
  "ttl": 9223372036854776000,
  "empty": false
}

The lookup returns the ID of the relay:

https://atlas.torproject.org/#details/D83665AF257FD05C4687897815233FD52A8E9829

You are right, this is not correct, as you would expect it to return true or false and not the node's ID in the Tor network.

This could also be turned into a feature request with a new field showing the tor_url:

https://atlas.torproject.org/#details/D83665AF257FD05C4687897815233FD52A8E9829
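Added example (not code from the graylog-plugin-threatintel project): the two lookup results quoted in this thread differ in shape, one carrying a boolean and the other a relay fingerprint, so a consumer that tests `single_value` for the boolean `true` will report a miss on every Tor hit even though the result is not empty. The block below contrasts that strict boolean check with a presence check, and normalizes either shape into a found flag plus the atlas.torproject.org URL requested above. The sample dicts are constructed from the JSON in the thread; the empty-result shape and the TTL value are assumptions, and the strict check is one plausible cause of the reported behaviour, not a claim about how the plugin is actually implemented.

```python
import re
from typing import Any, Dict

# Constructed samples, copied in shape from the two lookups quoted in the thread.
# The TTL is assumed to be Java's Long.MAX_VALUE, which JSON viewers round.
TOR_HIT = {
    "single_value": "D83665AF257FD05C4687897815233FD52A8E9829",
    "multi_value": {"node_ids": ["D83665AF257FD05C4687897815233FD52A8E9829"]},
    "ttl": 9223372036854775807,
    "empty": False,
}
ABUSECH_HIT = {
    "single_value": True,
    "multi_value": {"value": True},
    "ttl": 9223372036854775807,
    "empty": False,
}
# Assumed shape of an empty lookup result (no hit in the dataset).
MISS = {"single_value": None, "multi_value": None, "ttl": 9223372036854775807, "empty": True}

# A Tor relay fingerprint is the 40 hex digits of the SHA-1 of the relay identity key.
FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{40}$")
# URL form quoted in the thread for the feature request.
ATLAS_URL = "https://atlas.torproject.org/#details/{}"


def strict_boolean_hit(result: Dict[str, Any]) -> bool:
    """Treat only a literal boolean true as a hit.

    Plausible cause of 'always returns false': a Tor hit carries a
    fingerprint string, never the boolean true, so this is false on every hit.
    """
    return result.get("single_value") is True


def presence_hit(result: Dict[str, Any]) -> bool:
    """Treat any non-empty result with a value as a hit, regardless of payload type."""
    return not result.get("empty", True) and result.get("single_value") is not None


def normalize_lookup(result: Dict[str, Any]) -> Dict[str, Any]:
    """Collapse either result shape into {found, node_id, tor_url}.

    Boolean payloads (abuse.ch style) yield found=True/False with no node data.
    Fingerprint payloads (Tor style) yield found=True plus the relay ID and the
    atlas URL. Anything else is rejected rather than silently treated as a hit.
    """
    if not presence_hit(result):
        return {"found": False, "node_id": None, "tor_url": None}
    value = result["single_value"]
    if isinstance(value, bool):
        return {"found": value, "node_id": None, "tor_url": None}
    if isinstance(value, str) and FINGERPRINT_RE.match(value):
        fingerprint = value.upper()
        return {"found": True, "node_id": fingerprint, "tor_url": ATLAS_URL.format(fingerprint)}
    raise ValueError(f"unrecognized lookup payload: {value!r}")


if __name__ == "__main__":
    for name, sample in (("tor", TOR_HIT), ("abuse.ch", ABUSECH_HIT), ("miss", MISS)):
        print(name, "strict:", strict_boolean_hit(sample), "presence:", presence_hit(sample))
        print(name, normalize_lookup(sample))
```

In a pipeline rule the same distinction shows up as the difference between comparing the lookup value to `true` and checking that the lookup returned anything at all; the normalized `node_id` and `tor_url` fields are what the feature request above would add to the message.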