Anonymous? Not so much.

So you want to track who’s coming to your site or network via an anonymous proxy? Not an easy task. Perhaps you even want to block anonymous traffic from visiting your website to thwart attacks? Fear not, Splunk is here.

I obviously know Splunk has all the mechanisms necessary to support this, but I was missing an up-to-date list of anonymous proxy server IP addresses. I then remembered I had recently met a few smart guys from Aplura at a Splunk Live! event where they showed off a custom command they built: getwatchlist. As they put it, getwatchlist “is a custom search command for Splunk which will return a CSV formatted list from a URL”. This is the …
