[184121] in North American Network Operators' Group


Re: Question re session hijacking in dual stack environments w/MacOS

daemon@ATHENA.MIT.EDU (Laszlo Hanyecz)
Sat Sep 26 11:39:10 2015

X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Laszlo Hanyecz <laszlo@heliacal.net>
Date: Sat, 26 Sep 2015 15:39:03 +0000
In-Reply-To: <FCD26398C5EDE746BFC47F43EA52A17305EF20@dino.ad.hostasaurus.com>
Errors-To: nanog-bounces@nanog.org


On 2015-09-26 14:34, David Hubbard wrote:
> Websites that require some type of authentication that is handled via
> session cookies have been booting our users out randomly with "your ip
> address has changed" type message.  This occurs when their Mac decides
> to switch between protocols because the site views it as a session
> hijacking attempt when Joe User with session ID xyz switches from
> 192.0.2.10 to 2001:db8::1:1:a or vice versa.

This sounds like a really poor practice on the part of the website
operators.  Users on wireless devices may be switching networks
throughout the same session (wifi/LTE), or there could be a cluster of
proxies, or short DHCP leases, or Tor circuit changes, or privacy
extensions, etc.  This is almost as bad as using GeoIP databases to
authenticate.

-Laszlo
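The behaviour David describes, as an added example that is not code from the thread or from any site mentioned in it: a session check that hard-binds the session to the login address rejects a dual-stack client the moment it switches address families, while a check that keeps the session bound to its server-side ID and only records the address change as a monitoring signal does not. The lenient policy, the `Session` class and the function names are assumptions of this example; the addresses are the documentation-prefix values quoted in the original post.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Session:
    session_id: str
    user: str
    bound_ip: str                      # client address seen at login
    events: list = field(default_factory=list)   # recorded address changes


def check_strict(session, client_ip):
    """The policy complained about in the thread: any change of the client
    address is treated as session hijacking and the user is booted out."""
    if client_ip != session.bound_ip:
        return False, "your ip address has changed"
    return True, "ok"


def check_lenient(session, client_ip):
    """Alternative (an assumption of this example, not from the thread): the
    session stays tied to its server-side ID; an address change is logged as
    a signal for monitoring, with a v4<->v6 switch labelled separately so
    dual-stack flapping can be told apart from a genuine address change."""
    if client_ip != session.bound_ip:
        old = ipaddress.ip_address(session.bound_ip)
        new = ipaddress.ip_address(client_ip)
        kind = "family-switch" if old.version != new.version else "address-change"
        session.events.append((kind, session.bound_ip, client_ip))
        session.bound_ip = client_ip   # follow the client; the token is the binding
    return True, "ok"


def simulate_dual_stack_switch():
    """Replay the scenario from the post: Joe User (session ID xyz) logs in
    over IPv4 and the Mac's next request arrives over IPv6."""
    strict = Session("xyz", "joe", "192.0.2.10")
    lenient = Session("xyz", "joe", "192.0.2.10")
    return {
        "strict": check_strict(strict, "2001:db8::1:1:a"),
        "lenient": check_lenient(lenient, "2001:db8::1:1:a"),
        "events": lenient.events,
    }


if __name__ == "__main__":
    for name, value in simulate_dual_stack_switch().items():
        print(name, value)
```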


