DDoS, IPv6 is an excuse to talk about

Pierluigi Paganini February 09, 2012

The day has come, Network service providers are reporting the first IPV6 distributed denial-of-service (DDoS) attacks and the event is extremly significat from a secutity point of view. The news has been reported in the Arbor Networks’ 7th Annual Worldwide Infrastructure Security Report.

Despite this king of attacks remain relatively rare, the news must alert the world wide community regarding the incoming threat. DDoS attacks have been largerly used during the operations of protest made by several groups of hacktivist during the last years. A phenomena in continuos grow that is difficult to stem, infact experts of the major security firm believe that ideological and political motivations have become the principal motivation behind the DDoS attacks.

The switchover from the existing address protocol, IPv4, to IPv6 will give to the hackers a great opportunity. With the introduction of the protocol a huge quantity of  new internet addresses is available and those addresses could be used as source for DDoS attack. Attacks based on IPV6 will benefit from switchover due the increased difficulty of identifying and banning the addresses involved in the attacks for which an offender has an availability significantly amplified. Consider also the context in which we operate, migration between protocols is an event to be taken into account and for which companies and governments must be prepared.

The fact the DDoS attacks on IPv6 are not diffused is a clear indication that the protocol is still not widespread but for sure il will attract increasing attention from cyber criminals and governments.

There is a strong correlation between the economic significance of a given technology and criminal activity taking advantage of said technology.

Let’s consider also that the IPv6 network traffic may be un-monitored, masking the real threats on IPv6 networks.  Network devices as Firewalls, IPS and Load-Balancer continue to suffer DDoS attacks.

How to mitigate DDoS attacks?

It has been expected that for DDoS Attack Mitigation Tools most used will be:

  1. Access control lists (ACL)
  2. Intelligent DDoS mitigation systems (IDMS)
  3. Destination-based remote triggered blackhole (D/RTBH) a filtering echnique that provides the ability to drop undesirable traffic before it enters a protected network.
  4. Source-based remote triggered blackhole (S/RTBH) technique allows an ISP to stop malicious traffic on the basis of the source address it comes from
  5. FlowSpec



DDoS attacks are also used in warfare to conduct cyber operations against enemy governments. Group of hackers are also engaged to attacks sensible targets with the intent make unusable services provided by agencies and institutions.

It is happened earlier this year, when Israel has been victim of a true escalation in cyberwar, not identified attackers have in fact pulled down two principal national web sites, the Tel Aviv Stock Exchange and El Al, the national airline. The attackers have used a DDoS attack saturating in a short time the resouces of the web sites making sites inaccessible. The situation has been restored within few hours. Unfortunately defend against such attacks is not easy despite the offensive has not come unexpected.

DDoS attacks are even more dangerous when they are used in conjunction with other types of offense. DDoS attacks are used as a diversionary strategy to distract opposing defenses from the real intent of the attackers. Precisely this strategy was occasionally adopted by organized criminals using botnets to paralyzed target defense systems and then proceed undisturbed in the development of fraud.
This type of attack as simple in construction are candidated to be therefore among the main cyber threats in the short and medium term and the spread of IPv6 protocol could apply a qualitative leap in the offense capabilities of this dangerous technique of attack.




you might also like

leave a comment