Re: Question re session hijacking in dual stack environments w/MacOS

[Owen DeLong <owen () delong com>]

> On Oct 1, 2015, at 22:46 , Doug McIntyre <merlyn () geeks org> wrote:
>
> On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote:
> > On 26/Sep/15 16:34, David Hubbard wrote:
> > > Has anyone run into this?  Our users on other platforms don't seem to
> > > have this issue; linux and MS desktops seem to just use v6 if it's
> > > available and v4 if not.
> >
> > I have been tracking down an issue for months where SSH'ing to some
> > devices (which picks IPv6 by default) from my Mac while in the office
> > drops the connection, forcing me to reconnect. It's random; sometimes it
> > happens a lot, sometimes, rarely, other times not at all.
>
> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX
> generates a new random IPv6 address, applies it to the interface, and then
> drops the old IPv6 addresses as they stale out. Sessions in use or not.
>
> sudo sysctl -w net.inet6.ip6.use_tempaddr=0
>
> sudo sh -c 'echo net.inet6.ip6.use_tempaddr=0 >> /etc/sysctl.conf'


I doubt it given the variable frequency he describes.

If it were OSX timing out addresses, he’d see a session drop every day or two
rather than frequently sometimes.

Owen