DDoS attacks get smaller, as IPv6 hits detected

Hacktivism based on ideology poses the greatest challenge to businesses, as the first distributed denial-of-service (DDoS) attacks against the IPv6 infrastructure are detected.

According to the Arbor Networks' worldwide infrastructure security report, ideologically motivated ‘hacktivism' is the single most readily identified motivation behind DDoS attacks, as opposed to being competition, extortion or financially driven.

It claimed that large volumetric DDoS attacks were the "new normal", as during the survey period of October 2010 to November 2011 attacks in the Gbps range were detected.

Darren Anstee, EMEA solutions architect at Arbor Networks, told SC Magazine: “We are starting to see attacks go up again and we see more than one attack per month.

“With large attacks, the maximum size has fallen back. Last year there were 100GB attacks and now 60GB is more common.”

Arbor claimed that despite the decline in the size of attacks, network operators should not misconstrue this as a decrease in their severity – an attack in the tens of gigabits per second is more than sufficient to down a business.

The report also said that respondents to this year's survey observed IPv6 DDoS attacks on their networks, confirming that network operators must have sufficient visibility and mitigation capabilities to protect IPv6-enabled properties.

Anstee said: “While this is the first instance of reported IPv6 DDoS attacks, there are enough attacks (four per cent reported them) to make a response, and that will grow in the future. Attacks are focused on where they see value.

“This is a clear indication that while IPv6 deployments continue to advance, IPv6 is not yet economically or culturally significant enough to warrant serious attention by the Internet criminal underground.”

Asked if this sort of advanced attack could be mitigated, Anstee said that while these attacks are large, they can be dealt with as they are easy to detect. “The worry is the growth in application-layer attacks and those against government web services. They are using other sophisticated attack vectors as a lot of apps run over port 80, and if an attack is against a web service then you will have problems,” he said.

Sign up to our newsletters