Fast flux

Hosting method where a domain's IP address changes continuously

Fast flux is a technique where many computers in a botnet act as proxies to a domain serving malicious and/or illegal content. In fast flux hosting, many nodes on a botnet frequently register and de-register their addresses for a single DNS entry. A URL on that domain will therefore point to a continuously changing IP address.

Fast flux is used to prevent IP-based blacklisting. Because of the various proxy layers, it also helps to mask the attackers' system.

Fast flux has been known to security researchers since 2006 and started to be used frequently in 2007.

Related web links

Poll

Should anti-virus software be free for personal use?
Yes
No
I don't know

Leave a comment
View 43 comments
Jobs Recruit Sidebar

Virus Bulletin

In this month's magazine:
  • Co-operation is the only way
  • XXX racted
  • Your filters are bypassed: Rustock.C in the kernel
  • Family matters
  • The Ottawa rules
  • DriveSentry Desktop 3.1/3.2 & GoAnywhere 1.0.2/2.0
  • The problem of backscatter – part 3
Virus Bulletin 10 2008
Subscribe now!
Virus Bulletin currently has 144,127 registered users.