A First: DDoS Attacks on IPv6

Thursday, February 23, 2012 @ 02:02 PM gHale

Call it a back-handed compliment if you will, but the IPv6 network is now large enough that it is starting to get distributed denial of service (DDoS) attacks.

That means there are enough IPv6 end-points to make launching a DDoS over IPv6 possible, said network monitoring and security provider Arbor Networks in their seventh annual Worldwide Infrastructure Security Report.

A ‘Blue Screen of Death’ Comeback
Mozilla Closes Product Suite Holes
Most Not Ready for New Net Protocol
Students Secure New Internet Protocol

IPv6 is a version of the Internet Protocol (IP) intended to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.

The Internet Engineering Task Force (IETF) developed IPv6 to deal with the long-anticipated IPv4 address exhaustion. Like IPv4, IPv6 is an internet-layer protocol for packet-switched internetworking and provides end-to-end datagram transmission across multiple IP networks. While IPv4 allows 32 bits for an IP address, IPv6 uses 128-bit addresses.

In the survey, Arbor Networks said over 50 percent of infrastructure network operating respondents were, in the context of IPv6 networks, concerned with traffic floods and DDoS attacks. That was the fourth largest concern, behind inadequate feature parity with IPv4, visibility and misconfiguration.

“Time and research has shown that IPv6 is not more secure than IPv4”, the Arbor report said, adding as many devices and operating systems have automatic IPv6 transitioning mechanisms that can cause “accidental IPv6 deployment,” even organizations without a deliberate IPv6 deployment need an IPv6 security program. Although the IPv6 DDoS attacks “in the wild” were a milestone, the report does note their rarity points to low IPv6 market penetration.

Other elements of the report showed hacktivism for political or ideological motivations was the most readily identifiable cause of DDoS attacks at 35%, followed by “nihlism or vandalism” at 31%.

A “normal” DDoS tends to be around 10 Gbps, though during the survey period, the largest reported attack was 60 Gbps, down from the previous year’s high of 100 Gbps, the survey said. The report also noted complex application layer DDoS and multi-vector attacks were becoming more commonplace.

Another notable element in the report is the “overwhelming majority of network operators” fail to contact law enforcement on security matters because of their lack of confidence in the authorities’ willingness and ability to investigate online attack activity.

Leave a Reply

You must be logged in to post a comment.