[Owasp-appsensor-project] Change to Detection Points - SE5 Source IP Address Changes During Session

John Melton jtmelton at gmail.com
Wed Jun 9 22:24:55 EDT 2010


just need a bit more info here - is the intention to allow a user to switch
IPs as long as it's in the same range and / or ASN and be considered ok?

On Wed, Jun 9, 2010 at 10:35 AM, Colin Watson <colin.watson at owasp.org>wrote:

> Suggestion to CHANGE an existing detection point.  Has this already
> been ruled out?  Should it be changed?
>
> Source
> -----------------------------------
> [Owasp-appsensor-project] AppSensor- a few ideas, Fri Sep 18 10:30:31 EDT
> 2009
>
> https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-September/000005.html
>
> Description
> -----------------------------------
> Rather than a single IP Address, make the sensor specification broader
> to also allow ASN check instead.
>
> 1. Leave name unchanged (i.e. keep as "Source IP Address Changes
> During Session")
>
> 2. Change description to "Valid requests, containing valid session
> credentials, are received from multiple source IP addresses or source
> IP address ranges or source Autonomous System Number (ASN)"
>
> Reference
> http://www.apnic.net/services/services-apnic-provides/helpdesk/faqs/asn-faqs
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20100609/0546af3c/attachment.html 


More information about the Owasp-appsensor-project mailing list