'First True' Native IPv6 DDoS Attack Reported

By CircleID Reporter

Possibly the first documented native IPv6 DDoS attack reported today suggests a DNS dictionary attack which originated from around 1,900 different native IPv6 hosts, on more than 650 different networks. Mark Mayne reporting in SC Media: "The distributed attack demonstrates that hackers are deploying new methods for IPv6 attacks, as widely predicted, not simply replicating IPv4 attacks using IPv6 protocols… [Barrett Lyon, head of research and development, Neustar, says:] We've been expecting this event for a while, but it has now happened. We've also seen a real ramping up of IPV4 attacks this year too — nearly double compared to the same period in 2017 — but IPV6 attacks present some unique issues that can't be easily solved. One example is the sheer number of addresses available to an attacker can exhaust the memory of modern security appliances..."

Related topics: Cyberattack, Cybersecurity, DDoS, IPv6


18446744073709551615 addresses Phil Howard  –  Mar 02, 2018 8:41 PM PDT

yep, there are more addresses.  but not as many as a lot of people think there are.  just consider the first 64 bits.  in most cases this is one user.  when blocking an attack source, don't bother with more than 64 bits.  when looking at where an attack might be going, don't bother with more than 64 bits.  consider the remaining 64 bits of the 128 bit address field as garbage; there's nothing in there that helps diminish the attack.