Question re session hijacking in dual stack environments w/MacOS

Ca By cb.list6 at gmail.com
Sat Sep 26 14:47:02 UTC 2015


On Saturday, September 26, 2015, David Hubbard <
dhubbard at dino.hostasaurus.com> wrote:

> Hey all, as we've slowly deployed IPv6 to our end users, it has begun to
> cause some issues for those on Macs specifically.  Apple apparently has
> an algorithm at some point in the network stack to decide whether IPv4
> or IPv6 is, perhaps, 'better' or 'faster' at any given point in time
> during an ongoing session.  This allows a computer talking to a dual
> stack remote website to flip flop between v4 and v6 as activity is
> conducted.
>
> Websites that require some type of authentication that is handled via
> session cookies have been booting our users out randomly with "your ip
> address has changed" type message.  This occurs when their Mac decides
> to switch between protocols because the site views it as a session
> hijacking attempt when Joe User with session ID xyz switches from
> 192.0.2.10 to 2001:db8::1:1:a or vice versa.
>
> Has anyone run into this?  Our users on other platforms don't seem to
> have this issue; Linux and MS desktops seem to just use v6 if it's
> available and v4 if not.
>
> Thanks,
>
> David
>


Info about Apple and their unique IPv6 selection process

 https://www.ietf.org/mail-archive/web/v6ops/current/msg22455.html
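
The IP-bound session check described in the quoted message, as an added example that is not part of the original thread or any site's actual code. It goes beyond the thread by classifying the change instead of only rejecting it; the function names, the result labels and the /64 comparison for IPv6 are assumptions made for illustration.

```python
import ipaddress


def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4,
    which is how a dual-stack listening socket may report an IPv4 client."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def strict_check(bound_addr, request_addr):
    """The behaviour described in the thread: any address difference
    is treated as a hijack and the session is dropped."""
    return normalize(bound_addr) == normalize(request_addr)


def classify_change(bound_addr, request_addr, v6_prefix=64):
    """Hypothetical helper: say *how* the address changed so the site can
    log or step up authentication instead of always ending the session."""
    old, new = normalize(bound_addr), normalize(request_addr)
    if old == new:
        return "same"
    if old.version != new.version:
        return "family_switch"      # v4 <-> v6 flip on a dual-stack client
    if old.version == 6:
        # Assumption: hosts rotate interface IDs inside one /64.
        net = ipaddress.ip_network(f"{old}/{v6_prefix}", strict=False)
        if new in net:
            return "same_v6_prefix"
    return "address_change"


def replay(bound_addr, request_addrs):
    """Run both checks over a sequence of request source addresses."""
    return [(a, strict_check(bound_addr, a), classify_change(bound_addr, a))
            for a in request_addrs]


if __name__ == "__main__":
    # Constructed sample: session bound at login to the IPv4 address from
    # the thread, followed by requests from documentation-range addresses.
    requests = ["192.0.2.10", "::ffff:192.0.2.10",
                "2001:db8::1:1:a", "198.51.100.7"]
    for addr, ok, kind in replay("192.0.2.10", requests):
        print(f"{addr:<20} strict_ok={ok!s:<5} change={kind}")
```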


