Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How does iplocation identify anonymous proxies?

bdenes_snap
Engager
‎08-01-2014 02:01 PM

We use IpLocation at my company and its performing pretty well. I would like to find out a bit more of how the IpLocation plug-in identifies anonymous proxies - our business is trying to make a decision if we can rely on this to filter out spammers.

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-01-2014 05:29 PM

If your ip field contains a proxy IP then the iplocation command will treat it as any other IP - look up its location. The database backing this doesn't have any knowledge of whether an IP is running a proxy or not.

You may want to look into the IP Reputation app: http://apps.splunk.com/app/1457/
Using data from Project Honeypot that flags known abusive IPs with a focus on spam.

0 Karma
Reply

bdenes_snap
Engager
‎08-05-2014 02:34 PM

Thank you - but let me update my question. If the ip field is a proxy in the search results we see "Anonymous Proxy". This is impressive, because from what we can tell, it is better then Vindicia's proxy detection or any other paid service's. I'll try to upload a screen shot in a bit...

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...