Question re session hijacking in dual stack environments w/MacOS

Valdis.Kletnieks at Valdis.Kletnieks at
Fri Oct 2 07:46:40 UTC 2015

On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said:

> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
> generates a new random IPv6 address, applies it to the interface, and then
> drops the old IPv6 addresses as they stale out. Sessions in use or not.

Isn't the OS supposed to wait for the last user of the old address to close
their socket before dropping it?

> sudo sysctl -w net.inet6.ip6.use_tempaddr=0
> sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 848 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list