Attacks/Breaches

11/2/2015
10:30 AM
Rene Paap
Rene Paap
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

IPv6 And The Growing DDoS Danger

IPv6 and the Internet of Things have arrived -- and with them an enormous potential expansion for distributed denial-of-service (DDoS) attacks.

The number of connected devices is growing exponentially, with one billion new IoT devices expected to ship this year alone. As such, IPv4 addresses have been exhausted, but IPv6 is on deck to address this concern. The new system allows for 2^128 IP addresses (in comparison, IPv4 only carried 2^32 possible IP addresses). So everything is fine, right?

Sadly, no.

While IPv6 will certainly aid in accommodating the growth of new connected phenomena, such as the Internet of Things (IoT), adoption at the moment is slow. And because IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks.

DDoS attacks occur when Internet hackers use infected hosts to control connected devices remotely and make unwilling devices (bots) send malicious traffic to their target of choice. The target organizations are flooded with traffic, thus restricting or disabling service for legitimate traffic, or crashing the victim network. The most recent Verizon Data Breach Investigations Report noted:

“Distributed denial-of-service attacks got worse again this year with our reporting partners logging double the number of incidents from last year…We saw a significant jump in…attacks [that] rely on improperly secured services, such as Network Time Protocol (NTP), Domain Name System (DNS), and Simple Service Discovery Protocol (SSDP), which make it possible for attackers to spoof source IP addresses, send out a bazillion tiny request packets, and have the services inundate an unwitting target with the equivalent number of much larger payload replies.”

While most DDoS attacks do not, at present, involve IPv6, both the number and size of these attacks are rising, and IPv6 brings with it particular vulnerabilities. According to a recent CNET article: “First, with the relatively immature network infrastructure, many network operators don't have the ability to scrutinize network traffic well enough to distinguish DDoS attacks from benign traffic. Second, gateways that link IPv4 and IPv6 must store lots of ‘state’ information about the network traffic they handle, and that essentially makes them more brittle.”

The Internet of Things is also adding to the threat, according to an InfoSec Institute report “Internet of Things: How Much are We Exposed to Cyber Threats? The report, published earlier this year, cited the possibility of cyber criminals stealing sensitive information by hacking or compromising IoT devices to run cyberattacks against third-party entities using routers, SOHO devices or SmartTVs. “IoT devices manage a huge quantity of information, they are capillary distributed in every industry,” the report noted, “and, unfortunately, their current level of security is still low.”

And therein lies the nightmare scenario. We now have IPv6, accompanied by immature visibility tools; gateways between IPv4 and IPv6 that are brittle and precarious; and the unprecedented proliferation of relatively unsecure IoT devices, replete with those brand-spanking-new IPv6 vulnerabilities, all creating ubiquitous potential fuel for botnets. The reality is precisely as desperate as it sounds.

The best course of action to prepare for an onslaught of DDoS attacks exploiting IoT and IPv6 adoption is to ensure that your enterprise network security system can support the many connections from so many more connected devices. Also ensure the IPv6 support is on par with the IPv4-based feature set. Most attacks are carried out over IPv4, and by shifting over to IPv6, the attacker could bypass the defenses that only inspect IPv4 traffic. Meanwhile, IPv6-specific attack vectors have been reported

IPv6 and the IoT have arrived, and with them comes an enormous expansion in DDoS attack potential. 

 

Rene Paap is a networking professional with over 15 years of experience. Through previous roles as a technical marketing engineer, he developed a thorough understanding of networking technologies. Rene's specialties include product assessment, position analysis, Ethernet, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tirou
50%
50%
Tirou,
User Rank: Apprentice
12/13/2015 | 4:43:44 PM
More information on this topic?
Does anyone have some more info about dangerous influence of IPv6 in connection of DDoS attacks?
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
Election Websites, Backend Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8405
PUBLISHED: 2018-08-15
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, ...
CVE-2018-8406
PUBLISHED: 2018-08-15
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique...
CVE-2018-8412
PUBLISHED: 2018-08-15
An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka "Microsoft (MAU) Office Elevation of Privilege Vulnerability." This affects Microsoft Office.
CVE-2018-8414
PUBLISHED: 2018-08-15
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
CVE-2018-8398
PUBLISHED: 2018-08-15
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, W...