The IT Law Wiki

Definition

A fast flux service network is an

online attack . . . where public Domain Name System (DNS) records are rapidly changed by botnets, in some cases every three to five minutes or less, in order to hide phishing and malware delivery websites, child exploitation sites, and other websites that cannot be readily hosted at a conventional provider.[1]

Overview

"The basic idea behind fast flux is to have numerous compromised computers associated with a single fully qualified domain name, and changing the DNS records with extremely high frequency (every few minutes), effectively swapping which hosts are associated with that domain name. This use of a constantly changing set of hosts makes it much more difficult to take down these illegal websites; as you find and report three or four "botted" hosts, another three or four are rotated into place, replacing the ones being tracked by the security community with a brand new batch."[2]
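The rotation described above leaves a measurable trace in DNS answers, which is what defenders key on. The following is an added example, not part of the original wiki entry: it scores repeated A-record answers for a name by TTL, distinct hosts, network spread and answer-to-answer turnover. The observations are constructed (documentation and test address ranges), the /16 grouping is a crude stand-in for an ASN lookup, and all thresholds are assumptions, with the 300-second TTL limit taken from the "three to five minutes" figure in the definition.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample observations: (unix_time, qname, ttl_seconds, A-record IPs).
# Addresses are from documentation/test ranges, not real indicators.
OBSERVATIONS = [
    (0,   "flux.example", 180, ["192.0.2.10", "198.51.100.7", "203.0.113.5"]),
    (200, "flux.example", 180, ["198.18.4.9", "192.0.2.77", "203.0.113.90"]),
    (400, "flux.example", 180, ["198.51.100.200", "198.18.9.1", "192.0.2.140"]),
    (600, "flux.example", 180, ["203.0.113.33", "198.19.2.2", "198.51.100.61"]),
    (0,   "static.example", 3600, ["192.0.2.50"]),
    (200, "static.example", 3600, ["192.0.2.50"]),
    # Low TTL alone is not fast flux: a small, stable pool in one network.
    (0,   "cdn.example", 60, ["198.51.100.1", "198.51.100.2"]),
    (200, "cdn.example", 60, ["198.51.100.2", "198.51.100.1"]),
    (400, "cdn.example", 60, ["198.51.100.1", "198.51.100.3"]),
]

def network16(ip):
    # Assumption: group IPv4 addresses by /16 in place of a real ASN lookup.
    return int(ip_address(ip)) >> 16

def score(observations):
    by_name = defaultdict(list)
    for ts, name, ttl, ips in sorted(observations, key=lambda o: o[0]):
        by_name[name].append((ttl, set(ips)))
    report = {}
    for name, answers in by_name.items():
        all_ips = set().union(*(ips for _, ips in answers))
        # Turnover: share of each answer's hosts absent from the previous answer.
        churn = [len(cur - prev) / len(cur)
                 for (_, prev), (_, cur) in zip(answers, answers[1:]) if cur]
        report[name] = {
            "max_ttl": max(ttl for ttl, _ in answers),
            "distinct_ips": len(all_ips),
            "networks": len({network16(ip) for ip in all_ips}),
            "turnover": sum(churn) / len(churn) if churn else 0.0,
        }
    return report

def is_fast_flux(f, max_ttl=300, min_ips=10, min_networks=3, min_turnover=0.5):
    # Thresholds are illustrative assumptions; tune them against local traffic.
    return (f["max_ttl"] <= max_ttl and f["distinct_ips"] >= min_ips
            and f["networks"] >= min_networks and f["turnover"] >= min_turnover)

def flagged(observations):
    return sorted(n for n, f in score(observations).items() if is_fast_flux(f))

if __name__ == "__main__":
    for name, feats in score(OBSERVATIONS).items():
        print(name, feats, "FLUX" if is_fast_flux(feats) else "ok")
```

Requiring all four signals together is what keeps the short-TTL `cdn.example` pool from being flagged alongside `flux.example`.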

References
