How to Deal With DDoS Attacks on a Global Scale

IPv6 Is Already Here

New Network Security Challenges Under IPv6

  • Hackers may exploit the Next Header feature of the IPv6 protocol to launch DoS attacks. For example, a hacker may exploit the Type 0 Routing header vulnerability of two servers to bounce carefully crafted data packets back and forth between the two servers so that link bandwidth is exhausted, or make valid IP addresses bounce packets by bypassing source IP address restrictions.
  • Hacker may exploit the Neighbor Solicitation (NS), Neighbor Advertisement (NA), Router Solicitation (RS), and Router Advertisement (RA) messages of IPv6 to launch DoS or DDoS attacks.
  • IPv6 supports automatic stateless configuration. A large number of available IP addresses that may exist under subnets are easy targets to launch random source DDoS attacks.
  • IPv6 adopts end-to-end fragmentation and reassembly, which may expose vulnerable servers to DoS attacks through carefully crafted packet fragments.

The Attack and Defense Situation in IPv6 Has Changed

Best Practices of IPv6 DDoS Defense by Alibaba Cloud

Challenges and Changes

  • Networks and DDoS defense systems must be transformed or even redeveloped to support IPv6. Many enterprises with mature IPv4 networks must replace devices and redevelop systems for their networks and servers to support IPv6 and its security features. Some enterprises hope for carriers to provide a smooth transition solution, but carriers will only transform and upgrade within their network boundaries. Enterprises must transform and upgrade by themselves to support IPv6.
  • The total number of IPv6 addresses is more than that of IPv4 addresses by 296 times. More powerful processing performance is required to defend against attacks that are launched by using massive IP addresses.
  • The carrier-level IPv6 black hole capability is required to prevent high-traffic DDoS attacks.
  • Defense algorithms and modes must meet the new challenges of IPv6.
  • The IPv6 security capability is required to protect services that are switched to IPv6 networks.

IPv6 Implementation by Alibaba Cloud

Security Recommendations

Original Source

--

--

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com