Browse Definitions :
Definition

fast flux DNS

What is fast flux DNS?

Fast flux DNS is a technique that a cybercriminal can use to prevent identification of his key host server's IP address. By abusing the way the domain name system works, the criminal can create a botnet with nodes that join and drop off the network faster than law enforcement officials can trace them.

Fast flux DNS takes advantage of the way load balancing is built into the domain name system. DNS allows an administrator to register a number of IP addresses with a single host name. The alternate addresses are legitimately used to distribute Internet traffic among multiple servers. Typically, the IP addresses associated with a host domain do not change very often, if at all. 

However, criminals have discovered that they can hide key servers by using a sixty-second time-to-live (TTL) setting for their DNS resource records and swapping the records' associated IP addresses in and out with extreme frequency. Because abuse of the system requires the cooperation of a domain name registrar, most fast flux DNS botnets are believed to originate in emerging countries or other countries without laws for cybercrime. 

According to a white paper from the Honeypot Project, fast-flux botnets are responsible for many illegal practices, including  money mule recruitment sites, phishing websites, illicit online pharmacies,extreme or illegal adult content sites, malicious browser exploit sites and Web traps for distributing malware.

Learn More:

Security expert Ed Skoudis explains how fast flux DNS can be used to create a phishing botnet.

This paper from the Honeypot Project explains how criminals have abused the domain name system to create fast flux botnet systems.

This was last updated in November 2008

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • RSA algorithm (Rivest-Shamir-Adleman)

    The RSA algorithm is the basis of a cryptosystem -- a suite of cryptographic algorithms that are used for specific security ...

  • remote access

    Remote access is the ability to access a computer or a network remotely through a network connection.

  • IP Spoofing

    IP spoofing is the crafting of Internet Protocol (IP) packets with a source IP address that has been modified to impersonate ...

SearchHealthIT

SearchDisasterRecovery

  • network disaster recovery plan

    A network disaster recovery plan is a set of procedures designed to prepare an organization to respond to an interruption of ...

  • virtual disaster recovery

    Virtual disaster recovery is a type of DR that typically involves replication and allows a user to fail over to virtualized ...

  • tabletop exercise (TTX)

    A tabletop exercise (TTX) is a disaster preparedness activity that takes participants through the process of dealing with a ...

SearchStorage

  • enterprise storage

    Enterprise storage is a centralized repository for business information that provides common data management, protection and data...

  • disk array

    A disk array, also called a storage array, is a data storage system used for block-based storage, file-based storage or object ...

  • optical storage

    Optical storage is any storage type in which data is written and read with a laser. Typically, data is written to optical media, ...

Close