Re: Question re session hijacking in dual stack environments w/MacOS

> On Oct 2, 2015, at 00:46 , valdis.kletni...@vt.edu wrote: > > On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said: > >> I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX >> generates a new random IPv6 address, applies it to the interface, and then >> drops the old IPv6

Re: Question re session hijacking in dual stack environments w/MacOS

On 2/Oct/15 07:46, Doug McIntyre wrote: > I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX > generates a new random IPv6 address, applies it to the interface, and then > drops the old IPv6 addresses as they stale out. Sessions in use or not. > > sudo sysctl -w

Re: Question re session hijacking in dual stack environments w/MacOS

In message <132752.1443772...@turing-police.cc.vt.edu>, valdis.kletni...@vt.edu writes: > On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said: > > > I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX > > generates a new random IPv6 address, applies it to the interface, and

Re: Question re session hijacking in dual stack environments w/MacOS

On Fri, Oct 02, 2015 at 03:46:40AM -0400, valdis.kletni...@vt.edu wrote: > On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said: > > > I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX > > generates a new random IPv6 address, applies it to the interface, and then > > drops

Re: Question re session hijacking in dual stack environments w/MacOS

> On Oct 1, 2015, at 22:46 , Doug McIntyre wrote: > > On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote: >> On 26/Sep/15 16:34, David Hubbard wrote: >>> Has anyone run into this? Our users on other platforms don't seem to >>> have this issue; linux and MS desktops

Re: Question re session hijacking in dual stack environments w/MacOS

On Fri, 2 Oct 2015 06:58:43 -0500 Doug McIntyre wrote: > On Fri, Oct 02, 2015 at 03:46:40AM -0400, valdis.kletni...@vt.edu > wrote: > > On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said: > > > > > I suspect this is OSX implementing IPv6 Privacy Extensions. Where > > >

Re: Question re session hijacking in dual stack environments w/MacOS

On Fri, 02 Oct 2015 00:46:47 -0500, Doug McIntyre said: > I suspect this is OSX implementing IPv6 Privacy Extensions. Where OSX > generates a new random IPv6 address, applies it to the interface, and then > drops the old IPv6 addresses as they stale out. Sessions in use or not. Isn't the OS

Re: Question re session hijacking in dual stack environments w/MacOS

Have a look at JuiceSSH. --Original Message-- From: Mark Tinka Sender: NANOG To: David Hubbard To: nanog@nanog.org Subject: Re: Question re session hijacking in dual stack environments w/MacOS Sent: Sep 29, 2015 03:23 On 26/Sep/15 16:34, David Hubbard wrote: > > Has anyo

Re: Question re session hijacking in dual stack environments w/MacOS

On Tue, Sep 29, 2015 at 09:23:59AM +0200, Mark Tinka wrote: > On 26/Sep/15 16:34, David Hubbard wrote: > > Has anyone run into this? Our users on other platforms don't seem to > > have this issue; linux and MS desktops seem to just use v6 if it's > > available and v4 if not. > > I have been

Re: Question re session hijacking in dual stack environments w/MacOS

On 26/Sep/15 16:34, David Hubbard wrote: > > Has anyone run into this? Our users on other platforms don't seem to > have this issue; linux and MS desktops seem to just use v6 if it's > available and v4 if not. I have been tracking down an issue for months where SSH'ing to some devices (which

Re: Question re session hijacking in dual stack environments w/MacOS

I can¹t speak to every case, but I ran into a similar issue with our WAF product, so I can explain what was happening there. Most Web application firewalls have cross-site request forgery protection. When a form is downloaded, the firewall inserts a hidden field or cookie that contains the IP

Re: Question re session hijacking in dual stack environments w/MacOS

On 2015-09-27 12:24, John Schimmel wrote: Most Web application firewalls have cross-site request forgery protection. When a form is downloaded, the firewall inserts a hidden field or cookie that contains the IP address of the request. When the form is submitted, the firewall then verifies that

Re: Question re session hijacking in dual stack environments w/MacOS

On Sun, 27 Sep 2015 03:34:54 -, "Dovid Bender" said: > But when you're seeing the same session being used from two wildly different > places (in this case, IPv4 and IPv6) at the SAME TIME, that does seem rather > suspicious in the absence of other information. Other information,: Happy

Re: Question re session hijacking in dual stack environments w/MacOS

On Sun, Sep 27, 2015 at 11:25 AM, Connor Wilkins wrote: > My geolocation when connected to WiFi and when using cellular data are > widely different. WiFi reports the city I'm in while cellular reports the > city that their HQ is in. that really depends on the

Re: Question re session hijacking in dual stack environments w/MacOS

On 2015-09-27 03:34, Dovid Bender wrote: But when you're seeing the same session being used from two wildly different places (in this case, IPv4 and IPv6) at the SAME TIME, that does seem rather suspicious in the absence of other information. iOS 9 has a new feature called "Wi-Fi Assist" that

Re: Question re session hijacking in dual stack environments w/MacOS

> From: David Hubbard > Websites that require some type of authentication that is handled via > session cookies have been booting our users out randomly with "your ip > address has changed" type message. This occurs when their Mac decides > to switch between

Re: Question re session hijacking in dual stack environments w/MacOS

On Saturday, September 26, 2015, David Hubbard < dhubb...@dino.hostasaurus.com> wrote: > Hey all, as we've slowly deployed IPv6 to our end users, it has begun to > cause some issues for those on Mac's specifically. Apple apparently has > an algorithm at some point in the network stack to decide

Re: Question re session hijacking in dual stack environments w/MacOS

On 2015-09-26 14:34, David Hubbard wrote: Websites that require some type of authentication that is handled via session cookies have been booting our users out randomly with "your ip address has changed" type message. This occurs when their Mac decides to switch between protocols because the

Re: Question re session hijacking in dual stack environments w/MacOS

‎> Those site eventually learnt after much feedback not to assume on IPv4 address continuity. I could envision that those checks might now be relaxed‎ to checking for address continuity in the same /24 for instance. But when you're seeing the same session being used from two wildly different

Re: Question re session hijacking in dual stack environments w/MacOS

in dual stack environments w/MacOS Sent: Sep 26, 2015 23:19 ‎> Those site eventually learnt after much feedback not to assume on IPv4 address continuity. I could envision that those checks might now be relaxed‎ to checking for address continuity in the same /24 for instance. But when you

Question re session hijacking in dual stack environments w/MacOS

Hey all, as we've slowly deployed IPv6 to our end users, it has begun to cause some issues for those on Mac's specifically. Apple apparently has an algorithm at some point in the network stack to decide whether IPv4 or IPv6 is, perhaps, 'better' or 'faster' at any given point in time during an