9

IPv6 introduces a much larger address space than IPv4 and with it there are many new techniques in creating and mitigating DDoS attacks. What are some examples of risks and mitigations?

For example, with the additional address space of IPv6 is there a new set of Bogon IPs that can be filtered?

Is there any proof-of-work or whitelisting possible for valid connections?

Are there any features inherent to IPv6 that could influence DDoS risk (positively or negatively)?

makerofthings7

3 Answers

3

Remember that IPv6 is not that different than IPv4.

Layer 2 is still the same, as is Layer 4 and above. Routing protocols also remain the same.

So a good old "let's fill the victim's Internet link" attack works similarly in IPv6, but with different tools. What one could hope is that ISPs do a better job of stopping spoofed addresses from leaving their network when they implement IPv6.

sk0yern
3

Is there a new set of Bogon IPs that can be filtered?

Yes, and it's expansive. https://github.com/autocracy/python-ipy/blob/d051b1ce7938f5eef6ea75bc72c51509b568b6ca/IPy.py#L36 is a decent start to look at how allocations are set up. See the IPv6ranges table.

Is there any proof-of-work or whitelisting possible for valid connections?

That one I don't know anything helpful for.

Are there any features inherent to IPv6 that could cause a DDoS risk or be used as a mitigation?

Yes, the massive address space can present an issue locally since any incoming message would typically result in the router trying to find a L2 address to forward the packet to. Every address can result in a new solicitation, so that's a negative effect. See https://www.rfc-editor.org/rfc/rfc6164#section-5.2

Jeff Ferland
2

If you are interested in IPv6 security then you should look at the ipv6hackers mailing list: http://lists.si6networks.com/listinfo/ipv6hackers

Tools you should look at include thc-ipv6 at http://www.thc.org/thc-ipv6/ and the IPv6 Toolkit at http://www.si6networks.com/research/tools.html

Bogon lists are maintained by Team Cymru, just like for IPv4: http://www.team-cymru.org/Services/Bogons/. Do not use static hard coded bogon lists. They will be outdated. If you need bogon lists make sure to maintain and update them, or use a live feed.

Sander Steffann
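The bogon filtering discussed in the answers above, as an added example that is not code from any of the posters: it loads an IPv6 bogon feed, refuses to trust a stale copy, and checks source addresses against it. The feed format (one prefix per line, `#` comments), the sample entries and the one-day freshness limit are assumptions made for the illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample in an assumed "one prefix per line, # comments" format.
# It lists only well-known special-purpose ranges; a live feed is far longer
# because it also carries unallocated space, which changes over time.
SAMPLE_FEED = """\
# constructed sample, not a real feed snapshot
::/128
::1/128
100::/64
2001:db8::/32   # documentation prefix
fc00::/7
fe80::/10
ff00::/8
"""

MAX_AGE = timedelta(days=1)  # assumed freshness policy for the local copy


def parse_feed(text):
    """Return the IPv6 networks in the feed, skipping comments and bad lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            continue  # malformed entry: skip it rather than abort the load
        if net.version == 6:
            nets.append(net)
    # Merge adjacent and overlapping prefixes so lookups scan fewer entries.
    return list(ipaddress.collapse_addresses(nets))


def is_stale(fetched_at, now=None):
    """True when the local copy is older than MAX_AGE and must be refreshed."""
    now = now or datetime.now(timezone.utc)
    return now - fetched_at > MAX_AGE


def is_bogon_source(addr, bogons):
    """True when an IPv6 source address falls inside any listed prefix."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 6 and any(ip in net for net in bogons)
```

In production the linear scan would be replaced by a prefix trie or by the router's own prefix-list or ACL mechanism; the staleness check is what keeps an allocated prefix from being dropped because the list was never refreshed.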