Time: March 16, 2012

Main content:

The annual research report released by the US information security company Arbor Networks on Wednesday shows that the next-generation Internet, IPv6 Internet is more vulnerable to DDoS attacks than the current IPv4 Internet.

The IPv6 technology now is still immature, and this technology also has defects with respect to withstanding DDoS attacks. The report says: “This marks a significant milestone in the arms race between attackers and defenders. We think that as the IPv6 is deployed more widely, the DDoS attacks against IPv6 will be more and more extensive and common.”

Up till now, the IPv6 network has not suffered too many DDoS attacks. In the investigation, only 4% of respondents said they had experienced the IPv6 network suffer such attacks. However, this phenomenon should still arouse concerns.

In DDoS attacks, a lot of computers access the target server at the same time, causing a sharp increase in the server’s traffic and preventing it from providing services normally. Sometimes, such attacks are launched through the zombie network for criminal purposes. However, most attacks launched by the hacker organization Anonymous are protests made to express different views.

Through DDoS attacks, attackers send a large amount of traffic to a certain specific Internet address. At present, most Internet addresses are IPv4 addresses. IPv6 addresses are still being deployed gradually now. There are two reasons why the IPv6 network is more vulnerable to attacks.

First, the architecture of the IPv6 network is still immature, and many network operators lack the ability to control network traffic in order to differentiate DDoS attacks from normal traffic. Second, the gateway between the IPv4 network and the IPv6 network has to store a large amount of traffic status information. Such equipment is very vulnerable.

However, Arbor Networks predicted that protection for the IPv6 network would be strengthened. The report says: “20 percent of respondents indicated that they had no plan to mitigate the DDoS attacks IPv6 suffered. However, we think that with the increase of the IPv6 traffic, these organizations will change quickly.” In the IPv6 network, the cost of withstanding DDoS attacks is high, but so is the cost of DDoS attacks.