RE: Filtering by client IP address for Web App Sessions

["Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>]

1. Yes

2. You mean within one visit the proxy address will jump across
netblocks?  My short answer is yes, I think I've seen behaviour like
this.  My slow answer is that I would have to check that out.

I'd say you are correct - even if this behaviour is limited to AOL it is
still true enough.  Not scientific measurement, but a little over 10% of
email addresses which I hold are AOL (1700 out of 16500 records).  Even
if this data is not reflective of the UK public at large, it is still
significant.

Ian

-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com] 
Sent: 23 February 2005 15:13
To: webappsec () securityfocus com
Subject: Filtering by client IP address for Web App Sessions


Question for those outside of the US of A:

In Europe, Asia, etc. do you have:

1. Any significant user population of your web applications comprised of
AOL (America online) users?

2. Are there many ISPs or large organizations using megaproxies that
swap client source IPs across entire classes of netblock (e.g. -like AOL
does)?

I've been telling people for years that you can't filter by source or
even last octet netblocks and lately have been wondering if I'm dense
and this is a US-centric bias of mine thanks to the ISP behaviors I've
had to deal with over the years.

Feedback appreciated,

Arian