RE: Filtering by client IP address for Web App Sessions

["Amichai Shulman" <shulman () imperva com>]

We have been monitoring traffic to sites in Israel and some other
countries too. It is not uncommong anywhere to have clients swap IP
address during a single session. However it seems to us that 24 higher
bits of address appears to be constant.

Amichai Shulman
CTO




Imperva, Inc.
22 Hachilazon St.
Ramat Gan


(972)-3-6120133 x103 Office
(972)-3-7511133 Fax
(972)-50-6544451 Mobile
shulman () imperva com
 
 
 
 
 
 
 
 
 
 
 


-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] 
Sent: Wednesday, February 23, 2005 5:13 PM
To: webappsec () securityfocus com
Subject: Filtering by client IP address for Web App Sessions


Question for those outside of the US of A:

In Europe, Asia, etc. do you have:

1. Any significant user population of your web applications comprised of
AOL (America online) users?

2. Are there many ISPs or large organizations using megaproxies that
swap client source IPs across entire classes of netblock (e.g. -like AOL
does)?

I've been telling people for years that you can't filter by source or
even last octet netblocks and lately have been wondering if I'm dense
and this is a US-centric bias of mine thanks to the ISP behaviors I've
had to deal with over the years.

Feedback appreciated,

Arian