For the Internet to make use of the advantages of IPv6 over IPv4, most hosts will eventually need to deploy this protocol. While many individuals look forward to the full deployment of IPv6, the transition to IPv6 doesn’t mean the networking world will somehow be totally secure. This was made clear by the recent report that Arbor Networks has reported the first IPv6 DDoS attacks against their networks. This is a clear paradigm shift since just a few years ago there were hardly more than a few thousand IPv6 systems connected to the Internet. That has changed, and as more and more users transition to IPv6, so will the threat of new network attacks.
IPv6 offers many improvements over IPv4 and has built in support for IPSec. However, that does not mean that attackers cannot find new and interesting ways to target the protocol. Just consider how last year a vulnerability was discovered in the IPv6 network discovery protocol that will allow a nearby attacker to intercept traffic or cause congested links to become overloaded.
It’s important to keep in mind that much of the work on IPv6 was done in the 1990’s before security had become the driving concern it is today. While moving to IPv6 does offer many advantages, it will not ease the burden of the security professional. IPv6 faces a number of very different kinds of attack strategies than IPv4. Proactive organizations will continue to need IT security specialists that understand the protocols and how they may be misused in new and emerging threats.