DDoS: IPv6 is an excuse to talk about it

The day has come: network service providers are reporting the first IPv6 distributed denial-of-service (DDoS) attacks, and the event is extremely significant from a security point of view. The news was reported in Arbor Networks’ 7th Annual Worldwide Infrastructure Security Report.

Although this kind of attack remains relatively rare, the news must alert the worldwide community to the incoming threat. DDoS attacks have been widely used in the protest operations carried out by several hacktivist groups in recent years. It is a continuously growing phenomenon that is difficult to stem; in fact, experts at the major security firms believe that ideological and political motivations have become the principal motivation behind DDoS attacks.

The switchover from the existing address protocol, IPv4, to IPv6 will give hackers a great opportunity. With the introduction of the protocol, a huge quantity of new internet addresses becomes available, and those addresses could be used as sources for DDoS attacks. Attacks based on IPv6 will benefit from the switchover because it becomes harder to identify and ban the addresses involved in an attack, of which an offender has a significantly larger supply. Consider also the context in which we operate: migration between protocols is an event that must be taken into account and for which companies and governments must be prepared.

The fact that DDoS attacks on IPv6 are not common is a clear indication that the protocol is still not widespread, but it will surely attract increasing attention from cyber criminals and governments.

There is a strong correlation between the economic significance of a given technology and criminal activity taking advantage of said technology.

Let’s consider also that IPv6 network traffic may be unmonitored, masking the real threats on IPv6 networks. Network devices such as firewalls, IPSs and load balancers continue to suffer DDoS attacks.

How to mitigate DDoS attacks?

The DDoS attack mitigation tools expected to be most used are:

  1. Access control lists (ACL)
  2. Intelligent DDoS mitigation systems (IDMS)
  3. Destination-based remote triggered blackhole (D/RTBH), a filtering technique that provides the ability to drop undesirable traffic before it enters a protected network.
  4. Source-based remote triggered blackhole (S/RTBH), a technique that allows an ISP to stop malicious traffic on the basis of the source address it comes from.
  5. FlowSpec
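
As an added illustration (not from the original article or from Arbor's report), the Python example below shows why banning individual source addresses breaks down under IPv6, and how aggregating sources by prefix yields an entry usable in an ACL or S/RTBH. The /64 aggregation boundary, the packet threshold and the flow records are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Assumption: /64 is used as the aggregation boundary because it is the usual
# size of a single IPv6 subnet, so one host can rotate through 2**64 sources.
AGG_PREFIX = 64

# Constructed sample: (source address, packets) pairs as a flow exporter might
# report them. 2001:db8::/32 and 192.0.2.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    ("2001:db8:bad:1::1", 900),
    ("2001:db8:bad:1:aaaa:bbbb:cccc:dddd", 850),
    ("2001:db8:bad:1:1234:5678:9abc:def0", 870),
    ("2001:db8:bad:1::ffff", 910),
    ("2001:db8:cafe:7::10", 40),
    ("2001:db8:cafe:8::20", 35),
    ("192.0.2.55", 3000),  # IPv4 source: always handled per address (/32)
]

def aggregate_sources(flows, v6_prefix=AGG_PREFIX):
    """Sum packets and collect distinct sources per IPv6 prefix (IPv4 per host)."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for src, packets in flows:
        addr = ipaddress.ip_address(src)
        plen = v6_prefix if addr.version == 6 else 32
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        stats[net]["packets"] += packets
        stats[net]["sources"].add(addr)
    return stats

def block_candidates(flows, min_packets=2000, v6_prefix=AGG_PREFIX):
    """Return (prefix, packets, distinct sources) over the threshold, busiest first."""
    stats = aggregate_sources(flows, v6_prefix)
    hits = [(net, s["packets"], len(s["sources"]))
            for net, s in stats.items() if s["packets"] >= min_packets]
    return sorted(hits, key=lambda h: h[1], reverse=True)

def per_address_candidates(flows, min_packets=2000):
    """Baseline: the same threshold applied to each individual source address."""
    return block_candidates(flows, min_packets, v6_prefix=128)

if __name__ == "__main__":
    for net, packets, sources in block_candidates(SAMPLE_FLOWS):
        print(f"{net}  packets={packets}  distinct_sources={sources}")
```

With the per-address baseline, the four IPv6 sources in the same subnet each stay under the threshold and only the IPv4 host is flagged; aggregated by prefix, the subnet becomes the top candidate.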



DDoS attacks are also used in warfare to conduct cyber operations against enemy governments. Groups of hackers are also engaged to attack sensitive targets with the intent of making the services provided by agencies and institutions unusable.

It happened earlier this year, when Israel was the victim of a true escalation in cyberwar: unidentified attackers took down two principal national web sites, those of the Tel Aviv Stock Exchange and El Al, the national airline. The attackers used a DDoS attack that quickly saturated the resources of the web sites, making them inaccessible. The situation was restored within a few hours. Unfortunately, defending against such attacks is not easy, even though the offensive did not come unexpectedly.

DDoS attacks are even more dangerous when they are used in conjunction with other types of offense. DDoS attacks are used as a diversionary strategy to distract opposing defenses from the real intent of the attackers. Precisely this strategy has occasionally been adopted by organized criminals, who use botnets to paralyze the target's defense systems and then proceed undisturbed with their fraud.
This type of attack, being simple to construct, is therefore a candidate to be among the main cyber threats in the short and medium term, and the spread of the IPv6 protocol could bring a qualitative leap in the offensive capabilities of this dangerous attack technique.




Pierluigi Paganini: Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
