Corero

DDoS Attack Traffic Against IPv6 Is Growing. What Now?

In 2022, the cybersecurity landscape witnessed a shift as malicious actors increasingly leveraged the IPv6 protocol to carry out DDoS attacks.

Most DDoS attacks still occur on the IPv4 protocol. But in our 2023 Threat Intelligence Report, the Corero threat research team observed a notable 600% increase in the share of DDoS traffic carried by the IPv6 protocol last year.

This shift indicates that cybercriminals are increasingly adapting their tactics to exploit the unique vulnerabilities of IPv6, which offers the potential to launch larger DDoS attacks over an increased address space.

What is IPv6?

Internet Protocol version 6, or IPv6, is the most recent version of the Internet Protocol. It was developed to succeed IPv4, which has been running out of available IP addresses due to the exponential growth of internet-connected devices.

Unlike IPv4, which uses a 32-bit format, IPv6 uses 128-bit addressing. This allows for an enormous number of unique addresses and enables the internet to accommodate the growing number of internet-connected smartphones, tablets, and Internet of Things (IoT) devices.

IPv6 also offers several improvements over IPv4. One significant enhancement is the simplified address assignment process, making it easier for network administrators to allocate and manage addresses. Additionally, IPv6 incorporates built-in support for features like auto-configuration and network mobility, and it enables more efficient routing.

With its enhanced scalability and improved features, IPv6 is expected to provide a solid foundation for the internet’s continued growth.

The IPv6 DDoS attack landscape

It’s challenging to accurately assess the full extent of IPv6 protocol use on the internet today. A wide range of IPv6 growth statistics are commonly quoted, and it’s impossible to know exactly how many IPv6 addresses are in use.

From the perspective of DDoS attacks, IPv4 is still the dominant protocol right now. The majority of traffic traversing the internet is still IPv4, and the majority of DDoS victims present themselves to the internet via IPv4. The vast majority of DDoS weapons and vulnerabilities are also still based upon IPv4, with the most common examples being the widely used reflection and amplification vectors. But it’s expected that this will change in the years ahead.

Rising DDoS traffic on the IPv6 protocol

While IPv6 DDoS attacks are neither as prevalent nor as large as those happening over IPv4, they are becoming increasingly frequent. These attacks can replicate techniques already used over IPv4, and they are growing in sophistication as more and more devices adopt IPv6 addresses.

In 2022, our threat research team saw a 600% increase in the share of malicious DDoS traffic carried by the IPv6 protocol. We expect to see this growth continue in the coming months and years as attackers continue shifting their focus to exploitable IPv6 services.

While IPv4 and IPv6 have generally similar security postures, IPv6 is expected to bring some unique security challenges. For instance, it’s more difficult to prevent application-layer DDoS attacks — such as HTTP flooding, malicious ticket brushing, and crawlers — under this newer protocol. And, at least initially, IPv6 DDoS attacks may be more effective because many enterprises are not equipped to defend against them.

Right now, DDoS attacks over IPv6 are an under-recognized problem. Many DDoS mitigation tools aren’t fully IPv6-aware yet, and many network security devices haven’t been configured to offer the same safeguards to IPv6 traffic as IPv4 traffic.
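One way to check for the configuration gap described above, as an added example that is not Corero's code: it compares `iptables-save` and `ip6tables-save` output and reports chain policies and rate limits that exist for IPv4 but not for IPv6. The choice of a Linux iptables firewall is an assumption (the article names no specific device), and both rule sets are constructed samples.

```python
import shlex

RATE_MODULES = {"limit", "hashlimit", "connlimit"}   # match modules that throttle traffic
ICMP = {"icmp", "ipv6-icmp", "icmpv6"}               # treated as equivalent across families

# Constructed samples in iptables-save / ip6tables-save format (not from a real host).
V4_RULES = """*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -m hashlimit --hashlimit-above 50/sec --hashlimit-mode srcip --hashlimit-name https -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m limit --limit 200/sec -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
COMMIT
"""
V6_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
COMMIT
"""

def _value(tok, flag):
    """Return the argument following flag, or None if the flag is absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def parse(text):
    """Return (chain policies, rules) where a rule is (chain, proto, dport, rate modules)."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            proto = _value(tok, "-p")
            mods = {tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "-m"}
            rules.append((tok[1], "icmp" if proto in ICMP else proto,
                          _value(tok, "--dport"), frozenset(mods & RATE_MODULES)))
    return policies, rules

def parity_gaps(v4_text, v6_text):
    """List safeguards present in the IPv4 rule set that have no IPv6 counterpart."""
    (p4, r4), (p6, r6) = parse(v4_text), parse(v6_text)
    gaps = [("policy", c, pol, p6.get(c)) for c, pol in p4.items() if p6.get(c) != pol]
    limited6 = {r[:3] for r in r6 if r[3]}
    for chain, proto, dport, rate in r4:
        if rate and (chain, proto, dport) not in limited6:
            gaps.append(("rate-limit", chain, proto, dport, sorted(rate)))
    return gaps
```

On the sample input, `parity_gaps(V4_RULES, V6_RULES)` reports the permissive IPv6 default policy and three IPv4 rate limits with no IPv6 equivalent.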

How to protect against DDoS traffic on IPv6

Protecting against DDoS traffic on IPv6 requires a combination of network design, traffic monitoring, and mitigation techniques. Here are some measures you can take to protect your network against IPv6 DDoS attacks:

Perform traffic monitoring

With small DDoS attacks often flying under the radar until they’ve caused significant damage, better traffic monitoring and analysis are crucial for both IPv4 and IPv6 protocols. Companies should be sure to use DDoS-aware network traffic monitoring solutions to detect, alert on, and analyze anomalous traffic patterns.
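The following added example (not from the article or from any Corero product) shows rate-based detection applied to both address families over the same flow records. It goes beyond the text in one respect: IPv6 sources are grouped by /64 prefix, because per-address counters can miss a flood spread across the larger address space. The flow-record layout, thresholds, and documentation-range addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

def source_key(addr, v6_prefix=64):
    """Track IPv4 sources per address and IPv6 sources per prefix."""
    ip = ipaddress.ip_address(addr)
    plen = 32 if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def detect(flows, window=10, pps_limit=100, v6_prefix=64):
    """flows: iterable of (epoch_sec, src, dst, packets). Returns a list of alerts."""
    packets = defaultdict(int)   # packets per (window, destination, source group)
    seen = defaultdict(set)      # distinct source addresses behind each group
    for ts, src, dst, pkts in flows:
        key = (ts // window, dst, source_key(src, v6_prefix))
        packets[key] += pkts
        seen[key].add(src)
    alerts = []
    for key, total in packets.items():
        pps = total / window
        if pps > pps_limit:
            win, dst, net = key
            alerts.append({"window": win, "family": f"IPv{net.version}",
                           "dst": dst, "source": str(net),
                           "addresses": len(seen[key]), "pps": pps})
    return alerts

def sample_flows():
    """Constructed flow records; all addresses are from documentation ranges."""
    flows = [(3, "192.0.2.20", "203.0.113.10", 100),         # normal IPv4 client
             (4, "2001:db8:1::5", "2001:db8:feed::10", 50),   # normal IPv6 client
             (5, "198.51.100.7", "203.0.113.10", 2000)]       # IPv4 flood from one host
    # IPv6 flood: 500 addresses in one /64, 4 packets each (0.4 pps per address)
    flows += [(i % 10, f"2001:db8:bad::{i:x}", "2001:db8:feed::10", 4)
              for i in range(1, 501)]
    return flows

if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print(alert)
    # Per-address tracking (v6_prefix=128) reports only the IPv4 flood.
    print(detect(sample_flows(), v6_prefix=128))
```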

Employ leading DDoS protection tools

Many DDoS attacks are already difficult for legacy solutions to detect. Add in the challenges the IPv6 protocol poses to security solutions, and the need for up-to-date defenses becomes clear. Organizations should seek out a flexible DDoS protection solution with the following features:

  • Dynamic DDoS protection, for both IPv4 and IPv6.
  • Automatic detection and response.
  • Managed services and personalized support.
  • Industry-leading threat research.
  • And much more.

Ultimately, protecting against IPv6 DDoS attacks requires a multi-layered approach with continuous monitoring and regular updates to your network security practices. Explore how our SmartWall One platform can be part of that strategy by scheduling time to speak with an expert today.
