Are you ready to launch IPv6 securely?


Did you know that 6 June 2012 is IPv6 launch day?

Nope, me neither, but according to the Internet Society it is, and everyone, it says, should be thinking about making the permanent move from their current IPv4 network to the new whizz-bang IPv6 one.

So will you be one of them? More to the point, are there any pressing security reasons why you shouldn't?

Arbor Networks has published the results of some research into the first wave of Distributed Denial of Service (DDoS) attacks on IPv6 networks, and the good news is that the figure is pretty damn low with just four per cent of those operating such networks reporting DDoS activity.

In fact, the chances are high that these are not actually the first DDoS attacks against IPv6 networks at all, but rather the first ones that have been detected and reported. Which is also good news. It means that, at long last, we are starting to see discussions on this kind of threat in relation to IPv6.

But in less good news, the reports of DDoS attacks targeting IPv6 networks do suggest that as adoption amongst organisations picks up pace, so does the value to the bad guys.

Indeed, the fact that these attacks are happening at all suggests that the bad guys are also adopting IPv6 as they need a platform from which to launch them, and that platform has to be an IPv6 endpoint. That they have managed to compromise enough of these to launch DDoS attacks at all is worrying, and raises questions about how well those networks are being secured against such an eventuality.

"More than six years ago, one of the frequent rallying points for IPv6 was that it was more secure than IPv4... Time and research has shown that IPv6 is not more secure than IPv4," said Arbor Networks engineer Bill Cerveny.

Many security experts with an engineering bent seem to readily agree, with the consensus of opinion being that the notion of greater security was based around the time at which IPv6 was being developed (mid-nineties) when the internet had not yet experienced the growth we have seen since. That growth had a knock-on effect of creating masses of fresh security threats.

While IPv6 may well have been 'more secure' in terms of the earliest threats, there is really no great body of evidence to suggest it has any real advantage over IPv4 when it comes to the current threatscape. The truth is that it's just as exposed, and possibly more so. We have already seen evidence of old IPv4 threats surfacing on IPv6, and there will be IPv6-specific vulnerabilities to throw into the risk assessment mix as well.

So is that reason enough to think that the Internet Society has jumped too soon with the IPv6 launch day idea? Certainly not. IPv6 has been around for what seems like forever (especially given the never-ending media obsession with reporting how many IP addresses it can support) and DNS use within IPv6 was given the go-ahead in 2008 to coincide with the Olympic Games of that year, which made good use of it. Today some three per cent of domain names and 12 per cent of internet connected networks support IPv6 according to the Global IPv6 Deployment Progress Report.

Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek.