| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170109214142.GA6465@mhcomputing.net> Date: Mon, 9 Jan 2017 13:41:42 -0800 From: Matthew Hall <mhall@...omputing.net> To: peter green <plugwash@...link.net> Cc: debian-ipv6@...ts.debian.org, netdev@...r.kernel.org Subject: Re: bad interaction between privacy extensions, prefix lifetimes and protocols that maintain long-term connections. On Sat, Jan 07, 2017 at 03:16:06PM +0000, peter green wrote: > For the main MAC-based address the valid_lft is always short but it is > updated by new RAs so the address remains valid. > > However privacy addresses inherit their valid_lft from the main MAC-based > address and unlike the main address it is not updated causing the addresses > to time out. I believe that the timeout of these privacy addresses is what > is causing my repeated disconnections from IRC. Privacy addresses generally cause me nothing but absolute misery. Despite the MAC address problem I usually end up disabling them just to be able to survive without losing my sanity due to issues like this one. I have had all kinds of applications not work reliably because of them. Including Google Chrome / Chromium etc. IRC also seems like a likely victim, but I wouldn't have noticed because I use it from a system with a static address. Perhaps a workaround would be using the MAC address override ability in the interfaces file pre-up script with "ip link set eth0 address 02:01:02:03:04:08". Randomly generate one fake MAC per boot. Matthew.
Powered by blists - more mailing lists