The Internet is a critical resource in the day-to-day life of billions ofusers. To support the growing number of users and their increasing demands,operators have to continuously scale their network footprint -- e.g., byjoining Internet Exchange Points -- and adopt relevant technologies -- such asIPv6. IPv6, however, has a vastly larger address space compared to itspredecessor, which allows for new kinds of attacks on the Internet routinginfrastructure. In this paper, we present Kirin: a BGP attack that sources millions of IPv6routes and distributes them via thousands of sessions across various IXPs tooverflow the memory of border routers within thousands of remote ASes. Kirin'shighly distributed nature allows it to bypass traditional route-floodingdefense mechanisms, such as per-session prefix limits or route flap damping. Weanalyze the theoretical feasibility of the attack by formulating it as aInteger Linear Programming problem, test for practical hurdles by deploying theinfrastructure required to perform a small-scale Kirin attack using 4 IXPs, andvalidate our assumptions via BGP data analysis, real-world measurements, androuter testbed experiments. Despite its low deployment cost, we find Kirincapable of injecting lethal amounts of IPv6 routes in the routers of thousandsof ASes.<br
