nanog mailing list archives

Re: Question re session hijacking in dual stack environments w/MacOS


From: Doug McIntyre <merlyn () geeks org>
Date: Fri, 2 Oct 2015 06:58:43 -0500

On Fri, Oct 02, 2015 at 03:46:40AM -0400, Valdis.Kletnieks () vt edu wrote:
> On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said:
>
>> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
>> generates a new random IPv6 address, applies it to the interface, and then
>> drops the old IPv6 addresses as they stale out. Sessions in use or not.
>
> Isn't the OS supposed to wait for the last user of the old address to close
> their socket before dropping it?

In my experience, no, it doesn't. I.e., the main reason I disable it is
because my ssh sessions hung after some period of time, so ssh had
sockets open, but yet the IPv6 addresses kept rotating out.
Disabling it definitely made the ssh sessions stable on OSX.

Apple codes to the masses. Average web browser user or mail client
won't care, that is all they test against. Not people that leave ssh
sessions open for days to weeks at a time.











