WebApp Sec: Re: Filtering by client IP address for Web App Sessions

[Frank Knobbe <frank () knobbe us>]

On Wed, 2005-02-23 at 09:12 -0600, Evans, Arian wrote:
> In Europe, Asia, etc. do you have:
>
> 2. Are there many ISPs or large organizations using megaproxies
> that swap client source IPs across entire classes of netblock (e.g.
> -like AOL does)?
Arian,

I don't have hard facts for you, but I would assume that most wireless
data services providers (i.e. T-Mobile, etc, basically GPRS Internet via
GSM and the like) will probably proxy or NAT their devices sessions. I
strongly doubt that every cell phone has their own routable IP address.

Since mobile Internet connectivity is increasing, and IPv6 adoption is
rather slow, I would think it's safe to preach the old "Thou shalt not
associate IP's to sessions" mantra for a while longer.

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part