Home / News

‘First True’ Native IPv6 DDoS Attack Reported

Possibly the first documented native IPv6 DDoS attack reported today suggests a DNS dictionary attack which originated from around 1,900 different native IPv6 hosts, on more than 650 different networks. Mark Mayne reporting in SC Media: “The distributed attack demonstrates that hackers are deploying new methods for IPv6 attacks, as widely predicted, not simply replicating IPv4 attacks using IPv6 protocols… [Barrett Lyon, head of research and development, Neustar, says:] We’ve been expecting this event for a while, but it has now happened. We’ve also seen a real ramping up of IPV4 attacks this year too—nearly double compared to the same period in 2017—but IPV6 attacks present some unique issues that can’t be easily solved. One example is the sheer number of addresses available to an attacker can exhaust the memory of modern security appliances…”

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


18446744073709551615 addresses Phil Howard  –  Mar 3, 2018 3:41 AM

yep, there are more addresses.  but not as many as a lot of people think there are.  just consider the first 64 bits.  in most cases this is one user.  when blocking an attack source, don’t bother with more than 64 bits.  when looking at where an attack might be going, don’t bother with more than 64 bits.  consider the remaining 64 bits of the 128 bit address field as garbage; there’s nothing in there that helps diminish the attack.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix


Sponsored byVerisign

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com