Re: Filtering by client IP address for Web App Sessions

[Paul Johnston <paul () westpoint ltd uk>]

Hi,

I did an experiment using my website (http://pajhome.org.uk/) which is 
based in the UK. I used the Apache CookieTracking module with some other 
magic to get a measure of how common IP address changes were. The 
results are: 26540 visitors, 862 came from more than one IP address. In 
other words, it's about 3% of my site's browsers. These aren't all due 
to load-balanced proxies; some look like dial-up users reconnecting.

This is documented on pages 26-27 of my paper, 
http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

Best wishes,

Paul


Evans, Arian wrote:

> Question for those outside of the US of A:
>
> In Europe, Asia, etc. do you have:
>
> 1. Any significant user population of your web applications
> comprised of AOL (America online) users?
>
> 2. Are there many ISPs or large organizations using megaproxies
> that swap client source IPs across entire classes of netblock (e.g.
> -like AOL does)?
>
> I've been telling people for years that you can't filter by source or
> even last octet netblocks and lately have been wondering if I'm dense
> and this is a US-centric bias of mine thanks to the ISP behaviors
> I've had to deal with over the years.
>
> Feedback appreciated,
>
> Arian
>
>
>
>
>
>  

--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk