Fast flux

Hosting method where a domain's IP address changes continuously

Fast flux is a technique where many computers in a botnet act as proxies to a domain serving malicious and/or illegal content. In fast flux hosting, many nodes on a botnet frequently register and de-register their addresses for a single DNS entry. A URL on that domain will therefore point to a continuously changing IP address.

Fast flux is used to prevent IP-based blacklisting. Because of the various proxy layers, it also helps to mask the attackers' system.

Fast flux has been known to security researchers since 2006 and started to be used frequently in 2007.

Related web links

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

VB2012
VB2012 VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,238 registered users.