[Owasp-appsensor-project] Change to Detection Points - SE5 Source IP Address Changes During Session

Michael Coates michael.coates at owasp.org
Thu Jun 10 19:19:20 EDT 2010


I agree this should be broader. Its quite possible an IP address would 
change during normal use. I think its better to look at a scenario that 
shouldn't happen e.g. user's ip changes from US to Europe.  We just need 
to find that best way to describe that.

Michael Coates
OWASP


On 6/9/10 7:24 PM, John Melton wrote:
> just need a bit more info here - is the intention to allow a user to 
> switch IPs as long as it's in the same range and / or ASN and be 
> considered ok?
>
> On Wed, Jun 9, 2010 at 10:35 AM, Colin Watson <colin.watson at owasp.org 
> <mailto:colin.watson at owasp.org>> wrote:
>
>     Suggestion to CHANGE an existing detection point.  Has this already
>     been ruled out?  Should it be changed?
>
>     Source
>     -----------------------------------
>     [Owasp-appsensor-project] AppSensor- a few ideas, Fri Sep 18
>     10:30:31 EDT 2009
>     https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-September/000005.html
>
>     Description
>     -----------------------------------
>     Rather than a single IP Address, make the sensor specification broader
>     to also allow ASN check instead.
>
>     1. Leave name unchanged (i.e. keep as "Source IP Address Changes
>     During Session")
>
>     2. Change description to "Valid requests, containing valid session
>     credentials, are received from multiple source IP addresses or source
>     IP address ranges or source Autonomous System Number (ASN)"
>
>     Reference
>     http://www.apnic.net/services/services-apnic-provides/helpdesk/faqs/asn-faqs
>     _______________________________________________
>     Owasp-appsensor-project mailing list
>     Owasp-appsensor-project at lists.owasp.org
>     <mailto:Owasp-appsensor-project at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>
>
>
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-appsensor-project/attachments/20100610/6a887703/attachment-0001.html 


More information about the Owasp-appsensor-project mailing list