WebApp Sec mailing list archives
Re: Filtering by client IP address for Web App Sessions
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 26 Feb 2005 22:11:43 -0600
On Wed, 2005-02-23 at 09:12 -0600, Evans, Arian wrote:
In Europe, Asia, etc. do you have: 2. Are there many ISPs or large organizations using megaproxies that swap client source IPs across entire classes of netblock (e.g. -like AOL does)?
Arian, I don't have hard facts for you, but I would assume that most wireless data services providers (i.e. T-Mobile, etc, basically GPRS Internet via GSM and the like) will probably proxy or NAT their devices sessions. I strongly doubt that every cell phone has their own routable IP address. Since mobile Internet connectivity is increasing, and IPv6 adoption is rather slow, I would think it's safe to preach the old "Thou shalt not associate IP's to sessions" mantra for a while longer. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Filtering by client IP address for Web App Sessions Evans, Arian (Feb 23)
- Re: Filtering by client IP address for Web App Sessions Paul Johnston (Feb 28)
- Re: Filtering by client IP address for Web App Sessions Steve Shah (Feb 28)
- Re: Filtering by client IP address for Web App Sessions Paul Johnston (Mar 01)
- Re: Filtering by client IP address for Web App Sessions exon (Feb 28)
- Re: Filtering by client IP address for Web App Sessions Jason Coombs (Feb 28)
- Re: Filtering by client IP address for Web App Sessions Frank Knobbe (Feb 28)
- Re: Filtering by client IP address for Web App Sessions Javier Fernandez-Sanguino (Mar 01)
- <Possible follow-ups>
- RE: Filtering by client IP address for Web App Sessions Amichai Shulman (Feb 28)
- RE: Filtering by client IP address for Web App Sessions Griffiths, Ian (Feb 28)
- RE: Filtering by client IP address for Web App Sessions Scovetta, Michael V (Feb 28)
- RE: Filtering by client IP address for Web App Sessions Evans, Arian (Mar 03)