| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 7 Jan 2017 15:16:06 +0000 From: peter green <plugwash@...link.net> To: debian-ipv6@...ts.debian.org, netdev@...r.kernel.org Subject: bad interaction between privacy extensions, prefix lifetimes and protocols that maintain long-term connections. I just switched my main machine to a new one. After doing so I noticed my connections to IRC were dropping about once per hour. The old machine had been running a mixed mess of Debian versions while the new machine is running Debian stretch. A critical difference between the old and new machines is that the old machine had privacy extensions disabled while the new machine had them enabled. Disabling privacy extensions solved the issue but obviously reveals the MAC address of my new machine to the world which is undesirable. My ISP (a major provider in the UK) router sets a relatively short valid_lft of about 1 hour. Presumably so any changes to the ISP-allocated address will be picked up quickly by clients. For the main MAC-based address the valid_lft is always short but it is updated by new RAs so the address remains valid. However privacy addresses inherit their valid_lft from the main MAC-based address and unlike the main address it is not updated causing the addresses to time out. I believe that the timeout of these privacy addresses is what is causing my repeated disconnections from IRC.
Powered by blists - more mailing lists