Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Filtering by client IP address for Web App Sessions

from [Paul Johnston] Network Security [Permanent Link]
Subject: Re: Filtering by client IP address for Web App Sessions
Date: Thu, 24 Feb 2005 16:00:45 +0000 
Hi,

I did an experiment using my website (http://pajhome.org.uk/) which is based in the UK. I used the Apache CookieTracking module with some other magic to get a measure of how common IP address changes were. The results are: 26540 visitors, 862 came from more than one IP address. In other words, it's about 3% of my site's browsers. These aren't all due to load-balanced proxies; some look like dial-up users reconnecting.

This is documented on pages 26-27 of my paper, http://www.westpoint.ltd.uk/advisories/Paul_Johnston_GSEC.pdf

Best wishes,

Paul


Evans, Arian wrote:

Question for those outside of the US of A:

In Europe, Asia, etc. do you have:

1. Any significant user population of your web applications
comprised of AOL (America online) users?

2. Are there many ISPs or large organizations using megaproxies
that swap client source IPs across entire classes of netblock (e.g.
-like AOL does)?

I've been telling people for years that you can't filter by source or
even last octet netblocks and lately have been wondering if I'm dense
and this is a US-centric bias of mine thanks to the ISP behaviors
I've had to deal with over the years.

Feedback appreciated,

Arian








--
Paul Johnston, GSEC
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Object Caching with IE 6 XP SP2, Don Tuer
Next by Date:  RE: Copying files from one server to another., MAGNY David
Previous by Thread:  Filtering by client IP address for Web App Sessions, Evans, Arian
Next by Thread:  Re: Filtering by client IP address for Web App Sessions, Steve Shah
Indexes:  [Date] [Thread] [Top] [All Lists]