The Internet Protocol version 6 (IPv6) is designed to address the issue of address exhaustion in Internet Protocol version 4 (IPv4). In conjunction with expanding the address space from 32 bits to 128 bits, IPv6 introduces a number of changes. For example, IPv6 increases the number of bits that are used to number the hosts in a subnet, and moves from a media-based Address Resolution Protocol (ARP) to an IP-based Neighbor Discovery protocol. IPv6 subnets are defined by the standards to have at least 64 bits for numbering the hosts, where before a subnet might have 6 to 12 bits for numbering the hosts.
Operators and security analysts have noticed a problematic effect of the new larger subnets. The numbering space for a subnet is now 16 quintillion entries. Clearly, no subnet will use any noticeable fraction of these entries.
One problem with the larger subnet is that a remote attacker could send a series of packets to a subnet, addressed to different randomly chosen potential hosts. In current practice, this would cause the border router to send a stream of Neighbor Solicitation packets into the subnet, and to create neighbor cache entries for each pending resolution. As the table space in the router is limited, this attack can easily overrun the available table space, causing the router to lose track of actual hosts and preventing new legitimate hosts from registering.
There are existing techniques that remediate this attack in certain scenarios, such as when the subnet is a subscriber subnet using Point-to-Point Protocol over Ethernet (PPPoE). However, there is no general prophylactic approach for preventing the attack.
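The cache behaviour described above can be reproduced with a small model. The following is an added illustration, not code from the original text: a toy neighbor cache with a fixed number of slots, a scan of random addresses in a /64 that never get answered, and, as one assumed per-router mitigation (a cap on entries still awaiting a Neighbor Advertisement, not a technique the text proposes), a comparison of how many real hosts the router still knows about afterwards. Addresses, table sizes and packet counts are constructed.

```python
import random
from collections import OrderedDict

INCOMPLETE, REACHABLE = "INCOMPLETE", "REACHABLE"


class NeighborCache:
    """Toy per-interface neighbor cache of a border router (constructed model).
    capacity: total slots in the table; max_incomplete: cap on entries still
    awaiting a Neighbor Advertisement (None = the unmitigated behaviour above)."""

    def __init__(self, capacity, max_incomplete=None):
        self.capacity = capacity
        self.max_incomplete = max_incomplete
        self.entries = OrderedDict()  # address -> state, oldest entry first

    def _count(self, state):
        return sum(1 for s in self.entries.values() if s == state)

    def forward_to(self, addr):
        """The router has a packet for addr: hit the cache or start resolution.
        Returns False when the packet is dropped instead of taking a slot."""
        if addr in self.entries:
            self.entries.move_to_end(addr)
            return True
        if self.max_incomplete is not None and self._count(INCOMPLETE) >= self.max_incomplete:
            return False
        if len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)  # evict the oldest entry, even a live host
        self.entries[addr] = INCOMPLETE  # Neighbor Solicitation sent into the subnet
        return True

    def resolved(self, addr):
        """A Neighbor Advertisement came back for addr."""
        self.entries[addr] = REACHABLE


def surviving_hosts(max_incomplete=None, capacity=64, legit=16, scan_packets=1000, seed=7):
    """Fill the cache with resolved hosts, replay a random-address scan, and
    return how many real hosts the router still has as REACHABLE."""
    rng = random.Random(seed)
    cache = NeighborCache(capacity, max_incomplete)
    hosts = ["2001:db8::%x" % i for i in range(1, legit + 1)]  # constructed addresses
    for h in hosts:
        cache.forward_to(h)
        cache.resolved(h)
    for _ in range(scan_packets):
        # Random interface identifiers: nobody answers, so entries stay INCOMPLETE.
        cache.forward_to("2001:db8::%x:%x" % (rng.getrandbits(16), rng.getrandbits(16)))
    return sum(1 for h in hosts if cache.entries.get(h) == REACHABLE)
```

With the defaults, the unmitigated table loses all 16 real hosts, while a cap of 32 pending entries keeps every one of them. A real router also expires INCOMPLETE entries after its retransmit timer, which the model leaves out.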