Test for multiple good auths from different IP addresses with unique session ids.
I think you missread this, this means unique username <waswas-fng> from random IP addresses each with their own session going. <br
User:IP:Session
waswas-fng:10.128.172.10:000001
waswas-fng:10.128.172.10:000002
waswas-fng:10.128.172.10:000003
waswas-fng:10.128.172.10:000004
waswas-fng:10.128.172.10:000005
waswas-fng:10.128.172.12:000005
waswas-fng:192.168.66.11:000004
Would be "OK"
Where:
User:IP:Session
waswas-fng:12.128.172.10:000001
waswas-fng:231.128.172.1:000002
waswas-fng:12.128.172.10:000003
waswas-fng:231.128.172.1:000004
waswas-fng:192.168.52.1:000005
Would show many users using the same account with unique sessions on different networks (shared password or hacked access).
-Waswas |