Multi-Addresses Amplification DoS Attacks by Native IPv6 and IPv6Tunnels

DoS attacks pose serious threats for the security of IPv4 Internet. With the rapid development of IPv6, similar security problems have progressively appeared and started to influence the normal operation of IPv6 services and networks. This paper studies the multi-addresses property of native IPv6 and IPv6 tunnel hosts. Pointed out that by exploiting this property, attackers could configure huge amount of legal IPv6 addresses and perform DoS attacks on the target by pretending to be normal connections from different hosts. As a result of the huge range of addresses and the control by the same real host, by using new addresses at intervals and coordinating between different connections, this kind of attack could effectively avoid the typical detection and defense processes based on IP addresses. The quantity of virtual attacking hosts could be amplified and the quantity of actual attacking hosts could be reduced. To defense this kind of attack, the method of “defense framework based on addresses classification” (DFAC) is presented. By classifying addresses with different property and constructing property sets, DFAC could perform detection and defense on this kind of amplification attack. Experimental results by proto-system show that DFAC effectively alleviates the influence on system payload caused by these DoS attacks.