TL;DR: beware of blind spots in your chain of defense, when running IPv6 - stacks

With IPv6 beeing roughly 50% of the worldwide internet trafic and also an adoption rate of 30-50% in Europe (see charts below), at least for the bigger countries, its time to look at IPv6-DDoS-attacks again

IPv6 Adoption worldwide (client side)

IPv6 adoption Europe

The first time we added IPv6-attackvectors was in 2020, the last time we wrote about IPv6 was 2022, but not much has changed since then:

  • direct path TCP-attacks against open ports with handshakes, garbage or fragmented packets are problematic for firewalls and TCP-stacks, exhausting CPUs and memory with low volume traffic, before even DDoS-thresholds are triggered
  • any mitigation takes longer than in the IPv4-realm and very often human intervention is necessary, most probably because the filters that work in IPv4-space dont fit 1:1
  • 50% of our testcases were successfull and lead to service impact
  • OnPrem-systems showed more issues than cloud-infrastructure

While there is not much detailed reporting on IPv6-attacks by vendors, thei just mention the fact that IPv6-attacks happen, we wouldnt be surprised if threat actors will pick up speed, once they learn how effective these attacks are.

high packet loss on a low volume TCP attack

Upstream-Saturation with a failing DDoS-detection

Happy Fragging!

Discover zeroBS Avydos – the dedicated DDoS threat simulation & testing platform that delivers the the best value for IT security and system architects in today’s modern threat landscape.

With powerful automation including a customizable autopilot, real-time sensors for result analysis, and fully autonomous continuous testing, Avydos allows you to develop enterprise-grade DDoS resilience without the enterprise price tag.

From simple simulations to full-scale modern threat campaigns, zeroBS is the leading DDoS testing partner that delivers maximum impact for minimum spend.

Whether you need quick one-off tests or continuous, autonomous reliability monitoring - zeroBS covers all testing scenarios. Designed for real results, not big budgets.

Resources: