Skip to main content
This website is in trial operation, support us!
We gratefully acknowledge support from all contributors.
Contribute Donate

Computer Science > Networking and Internet Architecture

arXiv:2506.04768 (cs)
[Submitted on 5 Jun 2025 ]

Title: Grey Rhino Warning: IPv6 is Becoming Fertile Ground for Reflection Amplification Attacks

Title: 灰犀牛警告:IPv6 正成为反射放大攻击的沃土

Authors:Ling Hu, Tao Yang, Yu Pang, Bingnan Hou, Zhiping Cai, Bo Yu
Abstract: Distributed Denial-of-Service (DDoS) attacks represent a cost-effective and potent threat to network stability. While extensively studied in IPv4 networks, DDoS implications in IPv6 remain underexplored. The vast IPv6 address space renders brute-force scanning and amplifier testing for all active addresses impractical. Innovatively, this work investigates AS-level vulnerabilities to reflection amplification attacks in IPv6. One prerequisite for amplification presence is that it is located in a vulnerable autonomous system (AS) without inbound source address validation (ISAV) deployment. Hence, the analysis focuses on two critical aspects: global detection of ISAV deployment and identification of amplifiers within vulnerable ASes. Specifically, we develop a methodology combining ICMP Time Exceeded mechanisms for ISAV detection, employ IPv6 address scanning for amplifier identification, and utilize dual vantage points for amplification verification. Experimental results reveal that 4,460 ASes (61.36% of measured networks) lack ISAV deployment. Through scanning approximately 47M active addresses, we have identified reflection amplifiers in 3,507 ASes. The analysis demonstrates that current IPv6 networks are fertile grounds for reflection amplification attacks, alarming network security.
Comments: This paper has been accepted by IWQoS 2025 as a short paper
Subjects: Networking and Internet Architecture (cs.NI)
Cite as: arXiv:2506.04768 [cs.NI]
  (or arXiv:2506.04768v1 [cs.NI] for this version)
  https://doi.org/10.48550/arXiv.2506.04768

Submission history

From: Ling Hu [view email]
[v1] Thu, 5 Jun 2025 08:52:39 UTC (253 KB)
Full-text links:

Access Paper:

view license
Current browse context:
cs.NI
< prev   |   next >
new | recent | 2025-06
Change to browse by:
cs

References & Citations

export BibTeX citation

Bookmark

BibSonomy logo Reddit logo

Bibliographic and Citation Tools

Bibliographic Explorer (What is the Explorer?)
Connected Papers (What is Connected Papers?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)

Code, Data and Media Associated with this Article

alphaXiv (What is alphaXiv?)
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Hugging Face (What is Huggingface?)
Papers with Code (What is Papers with Code?)
ScienceCast (What is ScienceCast?)

Demos

Replicate (What is Replicate?)
Hugging Face Spaces (What is Spaces?)
TXYZ.AI (What is TXYZ.AI?)

Recommenders and Search Tools

Influence Flower (What are Influence Flowers?)
CORE Recommender (What is CORE?)
IArxiv Recommender (What is IArxiv?)

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.

Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)