IPv6 Internet Seeing Increase In DDoS AttacksBy: Zach Walton - February 21, 2012
Have you moved to the cutting edge of the Internet that is IPv6 yet? If so, did you make the move because you thought it would be safer than IPv4? Well, turns out that may not be true anymore.
In what Arbor Networks called “A Milestone in IPv6 Development,” they detail on their blog the first distributed denial of service attacks on the IPv6 Internet. According to their Worldwide Infrastructure Security Report, respondents said that they had seen DDoS attacks on their networks.
A bar graph from the report that details IPv6 security concerns lists DDoS attacks as the fourth major concern among users. It’s only behind what you would usually see as major concerns which are inadequate IPv4/IPv6 feature parity, visibility and misconfiguration.
The rise in DDoS on IPv6 can be attributed to the fact that there are now more networks using IPv6 according to Arbor. This creates more targets for those who use DDoS attacks to bring down Web sites. IPv6 is seen as a valuable asset for network operators and therefore is seen as valuable to the people who wish to attack them.
A major contributor to the rise in attacks is the number of sources to launch the attacks from. To launch an attack on an IPv6 network, the attack must be launched from the IPv6 Internet. Until now, that has been relatively hard to do as there were not a lot of injection points for the attacks to come from.
Funny enough, there apparently was a security group in Washington in the ‘90s that banked their entire existence on IPv6. They declared that the inherent security of IPv6 would lead to their jobs becoming obsolete. They disbanded under the false hopes that network security would no longer be needed.
Arbor points out that IPv6 is no more secure than IPv4. In fact, IPv6 may be more open to attack because everybody has been focused on fixing the security vulnerabilities in IPv4 since the creation of IPv6 in the mid-90s.
All of this is a good thing, however, as it highlights that IPv6 has reached the point in time where people can start developing ways to counteract DDoS attacks. You can’t very well know how to stop an attack until you live through one, so the increased number of attacks has been nothing but helpful for security groups looking to fix holes in IPv6.
The blog post suggests that networks still on IPv4 need to develop an IPv6 security game plan. This is because IPv6 vulnerabilities can exist in what they call, “apparent IPv4-only deployments.”
Internet security is constantly evolving to meet new threats. Let’s just hope that our lawmakers do their research on these emerging trends before proposing national cybersecurity bills.