The IoT, IPv6 and DDoS: A Dangerous Mix

Carl Weinschenk

The Internet is awash in new things, and two of them, IPv6 and the Internet of Things (IoT), could potentially lead to a whole lot of trouble. Experts say that it is possible that the new addressing scheme, which is necessary to accommodate the explosion of wireless technology and the billions of IoT devices that are flooding the Internet, will create a landscape that allows malicious hackers (crackers) to launch potentially potent distributed denial of service (DDoS) attacks.

A DDoS attack is launched when crackers take over numerous Internet endpoints and turn them into “bots.” These bots, as the name implies, do the bidding of the bad guys. In a DDoS attack, the bots are instructed to repeatedly send data in an effort to overwhelm the target and take it offline.

Together, the IoT and IPv6 raise a series of concerns, as Rene Papp has pointed out at Dark Reading, writing that a number of factors point to potential danger: Tools aimed at identifying malicious traffic in IPv6 are immature and the devices that translate between IPv4 and IPv6 are “brittle.” The term is a shortcut for the idea that the devices’ CPU, memory and bandwidth tend to be maxed out by the stringent demands of mediating the relationship between IPv4 and IPv6.

The final piece to the puzzle is that the security on IoT devices is not evolved and is not a top agenda item for developers. IoT developers also have to keep things as inexpensive as possible, and security may be one area in which they look to cut costs. This is a real danger: Many of the functions that the IoT devices will provide – such as monitoring heart patients and keeping tabs on the security of power plants – make it dangerous for them to be offline for extended periods of time.

The sense is that experts are just getting their arms around the issues. At CircleID, Ram Mohan, the vice president and CTO for Internet domain name registry Afilias, pointed to the Simple Service Discovery Protocol (SSDP) as a potential problem. This is an IoT protocol that enables “bypass server-based mechanisms” that in turn enable streamlined communications by devices on the same network. This makes it easier for the IoT to scale. The shortcut comes with a price, however:

So that little wireless activities tracker you wear on your wrist (Fitbit, Apple Watch, and many others) which you love as it syncs up your health data on your cell phone and your company tablet? With a little bit of malware, it can turn into the zombie device that you fear: it can attack any server without your noticing until it's too late!

The potential problems could be large.

“Within IPv6, there are a couple of features that make it more susceptible to DoS attacks,” said Johannes Ullrich, Ph.D, the CTO of SANS' Internet Storm Center. “One problem with DoS [and DDos] attacks is that many of them originate from spoofed addresses. That makes it harder to track them down. In IPv6, there are so many addresses it is easier to spoof addresses. In the end, it comes down to the same problem as in IPv4, which is that spoofing is possible if the ISP is not filtering correctly.”

The good news, at least for the time being, is that virtually none of the IoT devices using IPv6 are connected directly to the Internet. They are on subnetworks or in some way cordoned off from direct contact, according to Tom Coffeen, the IPv6 evangelist for Infoblox.

The fact that we are in a transition from IPv4 to IPv6 is helping stave off a problem – at least temporarily. “These IoT devices are not connected to the Internet directly over their IPv6 addresses,” Coffeen said. “If there is not…they can only attack via the gateway.”

The fact that the IPv6 IoT world is safely tucked away from direct contact with Internet – and thus its dangers -- is countered, to some extent, by the fact that IPv6 DDoS attacks are occurring, wrote Lisa Beegle, SIRT manager at Akamai. “Yes, we have identified a limited number of observed IPv6 attacks documented to date,” she wrote. “The Akamai research team has also observed some IPv6 tools and we believe that they will continue to evolve.”

These attacks may not be IoT specific. It’s only a matter of time, however, before they are. At that point – when, in essence, the training wheels come off the IoT and IPv6 – those billions of poorly secured devices will be accessible to crackers. The bad guys will be ready. Let’s hope security forces will be as well.

Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at and via twitter at @DailyMusicBrk.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.