Question re session hijacking in dual stack environments w/MacOS
owen at delong.com
Fri Oct 2 18:39:01 UTC 2015
> On Oct 1, 2015, at 22:46 , Doug McIntyre <merlyn at geeks.org> wrote:
> On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote:
>> On 26/Sep/15 16:34, David Hubbard wrote:
>>> Has anyone run into this? Our users on other platforms don't seem to
>>> have this issue; linux and MS desktops seem to just use v6 if it's
>>> available and v4 if not.
>> I have been tracking down an issue for months where SSH'ing to some
>> devices (which picks IPv6 by default) from my Mac while in the office
>> drops the connection, forcing me to reconnect. It's random; sometimes it
>> happens a lot, sometimes, rarely, other times not at all.
> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
> generates a new random IPv6 address, applies it to the interface, and then
> drops the old IPv6 addresses as they stale out. Sessions in use or not.
> sudo sysctl -w net.inet6.ip6.use_tempaddr=0
> sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'
I doubt it given the variable frequency he describes.
If it were OSX timing out addresses, he’d see a session drop every day or two
rather than frequently sometimes.
More information about the NANOG