First IPv6-based denial-of-service attack observed, Internet engineers warn
A networking expert has observed what appears to be the first IPv6-based distributed denial-of-service (DDoS) attack: devices behind 1,900 IPv6 addresses targeted a DNS server. Internet engineers warn that this small burst of activity is only the beginning of a new round of attacks.
How the attack was discovered
Networking expert Wesley George recently noticed abnormal traffic that belonged to a large-scale attack against DNS servers, designed to knock out their ability to resolve names. As a member of Neustar’s SiteProtect DDoS Protection Services Working Group, he was collecting the malicious packets at the time and realized immediately that “this packet originated from an IPv6 address and pointed to an IPv6 host.”
The scale of the attack was not alarming in itself (far below the record-breaking 1.35 Tbps of attack traffic that hit GitHub in recent days), and it did not use any technique specific to IPv6. However, the fact that it came from IPv6 addresses and targeted an IPv6 host was enough to put security staff on high alert.
Devices at 1,900 IPv6 addresses attacked the target DNS server, most of them joining the attack because they had been infected. Most of the devices involved in this kind of attack still use IPv4 addresses on the public Internet. Anyone running an IPv6 network therefore needs to make sure that their security and mitigation tooling can withstand attacks of the same magnitude and speed as those seen on IPv4 networks.
Neustar’s head of research and development Barrett Lyon said in an interview that “The risk is that if you don’t have IPv6 as part of your threat model, you could get blindsided.”
Apart from a few notable exceptions such as Facebook and LinkedIn, most companies are now rolling out IPv6 networks and running them in parallel with their IPv4 networks, often managed by two separate teams. Lyon and George warned that network engineers typically stand up the IPv6 network first and only then begin to think about security.
Barrett Lyon pointed out that 400 of the 1,900 IPv6 addresses belonged to misconfigured DNS systems, and that nearly one-third of the attack traffic came from those servers, meaning that attackers could use open DNS servers to amplify the traffic directed at the victim. This may become a far more serious problem in the future, as it suggests that the networks engineers are setting up today may carry a frightening security risk that will take years to resolve.
Over the years, the Internet community has worked to find and fix open IPv4 resolvers in order to prevent DNS amplification attacks of this kind.
That has been feasible because the IPv4 address space is small enough to scan in full. The IPv6 address space is far too large for the same discovery technique to work, so any new open resolver that appears on IPv6 today is a potential security nightmare for the future.
The potential security risks that IPv6 brings are:
- Some mitigation tools apply only to IPv4 (often because IPv4 addresses are hard-coded into them), or are provided in an IPv4 version first and only later ported to IPv6;
- IPv6 networking is mostly implemented in software rather than hardware, which means it may hide more security holes;
- Extension headers in the IPv6 protocol may also serve as new potential attack vectors.
As IPv6 gradually becomes more widespread, we need to take security measures proactively rather than reactively. The breathing room defenders currently enjoy (described next) will shrink over time as IPv6 becomes the default network configuration.
On the positive side, IPv6 networks are not yet a popular target for attackers, who are unlikely (at least for now) to invest in developing attack methods specific to this emerging protocol. The most serious source of threat traffic, Internet of Things products, is still almost entirely IPv4-based.
Combined IPv4 and IPv6 attack traffic
However, a considerable share of modern mobile devices and PCs have IPv6 support built in and enabled by default. When IPv6 attacks occur, these devices will be hit hard, and network engineers have not yet grasped the seriousness of the problem.
George suggests that a network hit by a combination of IPv4 and IPv6 attack traffic faces a new kind of problem: system administrators may throw every tool they have at it, but if those tools can only block IPv4 traffic, the network remains under attack and the people responsible for security cannot work out why.
Most organizations currently run a dual-stack setup, that is, a separate IPv6 network alongside the existing one. IPv6 attack activity could therefore damage the routers and switches shared by the two networks, and from there reach the IPv4 network through the back door.
Internet engineers reminded system administrators to apply the same best practices to IPv6 networks: every security measure implemented for IPv4 should be implemented for IPv6 as well.
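As an added illustration, not code from the article or from Neustar, of the IPv4-only tooling problem listed among the IPv6 risks above and of the advice to carry every IPv4 measure over to IPv6: a per-client query counter built around a hard-coded IPv4 address pattern, beside a family-aware version that sees both stacks. The DNS log lines are constructed for the example and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of resolver log lines, "<client> <qname> <qtype>", as a
# dual-stack resolver would see them. Not taken from the article.
SAMPLE_LOG = """\
198.51.100.7 example.com A
198.51.100.7 example.com A
198.51.100.7 example.com A
2001:db8:1::7 example.com ANY
2001:db8:1::7 example.com ANY
2001:db8:1::7 example.com ANY
2001:db8:2::9 example.org AAAA
203.0.113.4 example.net MX
"""

# The IPv4-only client pattern many older tools hard-code. It can never match
# an IPv6 client, so IPv6 sources are silently invisible to the tool.
IPV4_ONLY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) ")


def noisy_clients_ipv4_only(log, threshold=3):
    """Flawed: counts queries per client using the IPv4 regex only."""
    hits = Counter()
    for line in log.splitlines():
        match = IPV4_ONLY.match(line)
        if match:
            hits[match.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


def noisy_clients_dual_stack(log, threshold=3):
    """Family-aware: parse the client with ipaddress so IPv4 and IPv6 are handled alike."""
    hits = Counter()
    for line in log.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed client field: skip rather than misclassify it
        # Key on the canonical (compressed) form so "2001:db8:1:0::7" and
        # "2001:db8:1::7" are counted as the same client.
        hits[(ip.version, ip.compressed)] += 1
    return {f"v{ver} {ip}": n for (ver, ip), n in hits.items() if n >= threshold}
```

With the same threshold, the IPv4-only counter reports one noisy client while the dual-stack counter reports two; the IPv6 source is exactly the kind of traffic the article says administrators cannot explain.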
Source: theregister