IPv6 drama: ostensibly due to behavior specified by the IETF, some Microsoft and Juniper platforms can can be subjected to resource exhaustion by flooding them with IPv6 router advertisements (RAs). Article here.
Reality check: if I’m connected to your wired LAN, there are lots of ways I can subject you to denial of service attacks, regardless of the above bug. Ditto for wireless, for that matter. Juniper argues that RAs should be gated by whitelisting; that sounds plausible, even if it’s not in the standard.
But even more important is to apply the defense in depth principal here: do un-authenticated users have access to your network? If so, where and why?