Fast flux

Hosting method where a domain's IP address changes continuously

Fast flux is a technique where many computers in a botnet act as proxies to a domain serving malicious and/or illegal content. In fast flux hosting, many nodes on a botnet frequently register and de-register their addresses for a single DNS entry. A URL on that domain will therefore point to a continuously changing IP address.

Fast flux is used to prevent IP-based blacklisting. Because of the various proxy layers, it also helps to mask the attackers' system.

Fast flux has been known to security researchers since 2006 and started to be used frequently in 2007.

Related web links

The world of botnets (Virus Bulletin, September 2006)

Glossary


	Similar entries Obfuscation Packer Replication Shellcode Stealth Typosquatting See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,238 registered users.

Fighting malware and spam

Fast flux

Related web links

See also