Report: IPv6 sees first DDoS attacks
Calling it a "milestone in IPv6 deployment", Arbor Networks notes that respondents in its seventh annual Worldwide Infrastructure Security Report said they observed distributed denial of service attacks on their IPv6 networks. There are now, says the network monitoring and security provider, enough IPv6 end-points to make launching a DDoS over IPv6 possible. In a blog posting, Arbor Networks showed that just over 50 per cent of infrastructure network operating respondents were, in the context of IPv6 networks, concerned with traffic floods and DDoS attacks. As IPv6 concerns, these come in fourth behind inadequate feature parity with IPv4, visibility and misconfiguration.
"Time and research has shown that IPv6 is not more secure than IPv4", says Arbor, and suggests that as many devices and operating systems have automatic IPv6 transitioning mechanisms which can cause 'accidental IPv6 deployment', even organisations without a deliberate IPv6 deployment need an IPv6 security program. Although the IPv6 DDoS attacks "in the wild" were a milestone, the report does note that their rarity points to low IPv6 market penetration.
Other elements of the report showed that hacktivism for political or ideological motivations was the most readily identifiable cause of DDoS attacks at 35%, followed by "nihlism or vandalism" at 31%. A "normal" DDoS tends to be around 10 Gbps, though during the survey period, the largest reported attack was 60 Gbps, down from the previous year's high of 100 Gbps. The report also notes that complex application layer DDoS and multi-vector attacks were becoming more commonplace. Another notable element is that the "overwhelming majority of network operators" fail to contact law enforcement on security matters because of their lack of confidence in the authorities' willingness and ability to investigate online attack activity.
- World IPv6 Launch on 6 June, a report from The H.