Question re session hijacking in dual stack environments w/MacOS
voytek at trustdarkness.com
Fri Oct 2 18:01:32 UTC 2015
On Fri, 2 Oct 2015 06:58:43 -0500
Doug McIntyre <merlyn at geeks.org> wrote:
> On Fri, Oct 02, 2015 at 03:46:40AM -0400, Valdis.Kletnieks at vt.edu
> > On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said:
> > > I suspect this is OSX implementing IPv6 Privacy Extensions. Where
> > > OSX generates a new random IPv6 address, applies it to the
> > > interface, and then drops the old IPv6 addresses as they stale
> > > out. Sessions in use or not.
> > Isn't the OS supposed to wait for the last user of the old address
> > to close their socket before dropping it?
> In my experience, no, it doesn't. Ie. the main reason I disable it is
> because my ssh sessions hung after some period of time, so ssh had
> sockets open, but yet the IPv6 addresses kept rotating out.
> Disabling it definately made the ssh sessions stable on OSX.
> Apple codes to the masses. Average web browser user or mail client
> won't care, that is all they test against. Not people that leave ssh
> sessions open for days to weeks at a time.
Since no one else has mentioned it yet, mosh is another solution to
this for ssh:
More information about the NANOG