fast flux DNSWhat is fast flux DNS? Fast flux DNS is a technique that a cybercriminal can use to prevent identification of his key host server's IP address. By abusing the way the domain name system works, the criminal can create a botnet with nodes that join and drop off the network faster than law enforcement officials can trace them. Fast flux DNS takes advantage of the way load balancing is built into the domain name system. DNS allows an administrator to register a number of IP addresses with a single host name. The alternate addresses are legitimately used to distribute Internet traffic among multiple servers. Typically, the IP addresses associated with a host domain do not change very often, if at all. However, criminals have discovered that they can hide key servers by using a sixty-second time-to-live (TTL) setting for their DNS resource records and swapping the records' associated IP addresses in and out with extreme frequency. Because abuse of the system requires the cooperation of a domain name registrar, most fast flux DNS botnets are believed to originate in emerging countries or other countries without laws for cybercrime. According to a white paper from the Honeypot Project, fast-flux botnets are responsible for many illegal practices, including money mule recruitment sites, phishing websites, illicit online pharmacies,extreme or illegal adult content sites, malicious browser exploit sites and Web traps for distributing malware. Learn More: Security expert Ed Skoudis explains how fast flux DNS can be used to create a phishing botnet. This paper from the Honeypot Project explains how criminals have abused the domain name system to create fast flux botnet systems.
|
|
|
| Last updated on:
Nov 13, 2008 |
|
Are you a Know-IT-All?
What language does a computer speak? (Hint: It consists of 0's and 1's)
Answer
 Get the Word of the Day
 Follow us on Twitter
|
|
|
|
|
WORD OF THE DAY... |
|
|
|
teach box
|
|
| LEARN MORE ABOUT... |
|
|
|
|
|
|
