[184337] in North American Network Operators' Group
Re: Question re session hijacking in dual stack environments w/MacOS
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Oct 2 03:53:46 2015
X-Original-To: nanog@nanog.org
To: Doug McIntyre <merlyn@geeks.org>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <20151002054647.GA57805@geeks.org>
Date: Fri, 02 Oct 2015 03:46:40 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said:
> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
> generates a new random IPv6 address, applies it to the interface, and then
> drops the old IPv6 addresses as they stale out. Sessions in use or not.

Isn't the OS supposed to wait for the last user of the old address to close
their socket before dropping it?

> sudo sysctl -w net.inet6.ip6.use_tempaddr=0
>
> sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'
>