DNS dictionary attack came from around 1,900 different hosts on over 650 varying networks
A first of its kind IPv6 DDoS attack hit servers over the weekend, raising a red flag for the future era of cyber-crime, according to global web security firm, Neustar.
The DNS threat – which was successfully defended against – came from approximately 1,900 different native hosts, on more than 650 networks. It targeted Neustar’s authoritative DNS service and highlights the worrying deployment of new methods being carried out by hackers.
While Internet Protocol version 4 (IPv4) provides approximately 4.3 billion addresses, making it a risk in itself, the total number of possible IPv6 addresses is more than 7.9×1,028 times that, giving cyber-criminals even more surfaces to target.
Barrett Lyon, Head of Research and Development at Neustar said, “We’ve been monitoring the increasing deployment of IPv6 for a while now and have seen certain indicators of it hitting critical mass. This weekend’s attack was however, the first actionable attempt from hackers. Businesses now need to treat IPv6 as a first class citizen, as well as an important part of their security profile.”
Previously, organisations implementing software that uses network connectivity have been advised to write code with the ability to call protocol-agnostic networking libraries, which meant that in cases where the software didn’t need to consider whether it was on an IPv4 or IPv6 network, it would use whatever was available and preferred by the network. This also encouraged those that write bots and worms likely to follow the same practices.
Wesley George, Principle Engineer, SiteProtect NG Network Engineering, Neustar, added, “If security teams are not considering IPv6 traffic as a part of their threat model, regardless of the type of the attack, they stand to be caught unprepared for whatever the next big headline attack might be. Across the industry, we have known that IPv6 attacks were going to start as IPv6 deployment started to reach a tipping point, and that tipping point is now here, so it is critical the organisations take IPv6 attack vectors seriously and ensure they have a plan to address them – just like IPv4.”
