Saved in:
Bibliographic Details
Main Authors: Hu, Ling, Yang, Tao, Pang, Yu, Hou, Bingnan, Cai, Zhiping, Yu, Bo
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.04768
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913877649784832
author Hu, Ling
Yang, Tao
Pang, Yu
Hou, Bingnan
Cai, Zhiping
Yu, Bo
author_facet Hu, Ling
Yang, Tao
Pang, Yu
Hou, Bingnan
Cai, Zhiping
Yu, Bo
contents Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders brute-force scanning and amplifier testing for all active addresses impractical. Innovatively, this work investigates AS-level vulnerabilities to reflection amplification attacks in IPv6. One prerequisite for amplification presence is that it is located in a vulnerable autonomous system (AS) without inbound source address validation (ISAV) deployment. Hence, the analysis focuses on two critical aspects: global detection of ISAV deployment and identification of amplifiers within vulnerable ASes. Specifically, we develop a methodology combining ICMP Time Exceeded mechanisms for ISAV detection, employ IPv6 address scanning for amplifier identification, and utilize dual vantage points for amplification verification. Experimental results reveal that 4,460 ASes (61.36% of measured networks) lack ISAV deployment. Through scanning approximately 47M active addresses, we have identified reflection amplifiers in 3,507 ASes. The analysis demonstrates that current IPv6 networks are fertile grounds for reflection amplification attacks, alarming network security.
format Preprint
id arxiv_https___arxiv_org_abs_2506_04768
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Grey Rhino Warning: IPv6 is Becoming Fertile Ground for Reflection Amplification Attacks
Hu, Ling
Yang, Tao
Pang, Yu
Hou, Bingnan
Cai, Zhiping
Yu, Bo
Networking and Internet Architecture
Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders brute-force scanning and amplifier testing for all active addresses impractical. Innovatively, this work investigates AS-level vulnerabilities to reflection amplification attacks in IPv6. One prerequisite for amplification presence is that it is located in a vulnerable autonomous system (AS) without inbound source address validation (ISAV) deployment. Hence, the analysis focuses on two critical aspects: global detection of ISAV deployment and identification of amplifiers within vulnerable ASes. Specifically, we develop a methodology combining ICMP Time Exceeded mechanisms for ISAV detection, employ IPv6 address scanning for amplifier identification, and utilize dual vantage points for amplification verification. Experimental results reveal that 4,460 ASes (61.36% of measured networks) lack ISAV deployment. Through scanning approximately 47M active addresses, we have identified reflection amplifiers in 3,507 ASes. The analysis demonstrates that current IPv6 networks are fertile grounds for reflection amplification attacks, alarming network security.
title Grey Rhino Warning: IPv6 is Becoming Fertile Ground for Reflection Amplification Attacks
topic Networking and Internet Architecture
url https://arxiv.org/abs/2506.04768