[184744] in North American Network Operators' Group
Re: Question re session hijacking in dual stack environments w/MacOS
daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Oct 16 14:52:00 2015
X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <132752.1443772000@turing-police.cc.vt.edu>
Date: Fri, 16 Oct 2015 11:50:52 -0700
To: Valdis.Kletnieks@vt.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
> On Oct 2, 2015, at 00:46 , Valdis.Kletnieks@vt.edu wrote:
>
> On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said:
>
>> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
>> generates a new random IPv6 address, applies it to the interface, and then
>> drops the old IPv6 addresses as they stale out. Sessions in use or not.
>
> Isn't the OS supposed to wait for the last user of the old address to close
> their socket before dropping it?

No… It just waits for the valid lifetime to expire.

Privacy addresses don’t refresh their preferred lifetime and start counting the valid lifetime from preferred expiration IIRC.

Owen