[184398] in North American Network Operators' Group
Re: Question re session hijacking in dual stack environments w/MacOS
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Oct 2 14:47:02 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <20151002054647.GA57805@geeks.org>
Date: Fri, 2 Oct 2015 11:39:01 -0700
To: Doug McIntyre <merlyn@geeks.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On Oct 1, 2015, at 22:46 , Doug McIntyre <merlyn@geeks.org> wrote:
>=20
> On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote:
>> On 26/Sep/15 16:34, David Hubbard wrote:
>>> Has anyone run into this? Our users on other platforms don't seem =
to
>>> have this issue; linux and MS desktops seem to just use v6 if it's
>>> available and v4 if not.
>>=20
>> I have been tracking down an issue for months where SSH'ing to some
>> devices (which picks IPv6 by default) from my Mac while in the office
>> drops the connection, forcing me to reconnect. It's random; sometimes =
it
>> happens a lot, sometimes, rarely, other times not at all.
>=20
> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
> generates a new random IPv6 address, applies it to the interface, and =
then
> drops the old IPv6 addresses as they stale out. Sessions in use or =
not.
>=20
> sudo sysctl -w net.inet6.ip6.use_tempaddr=3D0
>=20
> sudo sh -c 'echo net.inet6.ip6.use_tempaddr=3D0 >> /etc/sysctl.conf'
I doubt it given the variable frequency he describes.
If it were OSX timing out addresses, he=E2=80=99d see a session drop =
every day or two
rather than frequently sometimes.
Owen
