Cybercriminals have started launching distributed denial-of-service (DDoS) attacks against networks that transmit data over IPv6 (Internet Protocol version 6), according to a report published recently by DDoS mitigation vendor Arbor Networks.
Even though 2011 was the first year when IPv6 DDoS attacks were recorded, such incidents remain rare because they are not economically relevant for Internet criminals, said Bill Cerveny, a senior software quality assurance engineer at Arbor.
Some companies have projected increases of more than 100 percent for their IPv6 traffic volumes over the next 12 months, but the changes will be insignificant compared to the overall traffic volume.
The majority of organizations remain reluctant to switch to the new IP protocol version because their existent network security and traffic analysis equipment is not fully compatible with it.
Sixty-five percent of respondents to Arbor Network’s 7th annual Worldwide Infrastructure Security Report said that their main concern is the lack of feature parity between IPv4 and IPv6, while 60 percent expressed concerns that they cannot properly analyze IPv6 traffic.
“Many infrastructure solutions currently do not offer the same features and functionality for IPv6 as they do for IPv4,” Cerveny said via email. “This lack of feature parity means that security teams do not have the same visibility and mitigation capabilities when trying to identify and block IPv6-based attacks against targets.”
“We see IPv6 attacks as an emerging threat,” said Neal Quinn, vice president of operations at DDoS mitigation vendor Prolexic, in a phone interview. Quinn believes that the current IPv6 DDoS attacks are most likely tests performed by malware writers who want to be prepared when large Internet service providers will start switching their subscribers to IPv6.
Prolexic is investigating what issues could arise on routers that support both IPv6 and IPv4 stacks, because these will be increasingly important as companies create bridges between IPv6 and IPv4 networks.
“The issue of having infrastructure equipment with the same capabilities to defend against both IPv4 and IPv6 attacks is critical,” said Cerveny. “As our security report findings show, it is critical for network operators to address this discrepancy.”