Question re session hijacking in dual stack environments w/MacOS

• Previous message (by thread): Question re session hijacking in dual stack environments w/MacOS
• Next message (by thread): Question re session hijacking in dual stack environments w/MacOS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

‎> Those site eventually learnt after much feedback not to assume on IPv4 address continuity.

I could envision that those checks might now be relaxed‎ to checking for address continuity in the same /24 for instance.

But when you're seeing the same session being used from two wildly different places (in this case, IPv4 and IPv6) at the SAME TIME, that does seem rather suspicious in the absence of other information.

M.

• Previous message (by thread): Question re session hijacking in dual stack environments w/MacOS
• Next message (by thread): Question re session hijacking in dual stack environments w/MacOS
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]