What is a Fast Flux Network?
A Fast Flux Network is a network of compromised computers fronted by public DNS records that change frequently: the set of IP addresses returned for a malicious domain name is rotated constantly, so no single address stays associated with the domain for long. Attackers use this technique to hide the servers that actually host their malicious content. How do Fast Flux Networks work, and what are the different types of Fast Flux? In this article, we will discuss that in detail.
How do attackers use Fast Flux Networks?
Attackers typically compromise one or more computer systems with malware and use them to host a fraudulent website, such as a phishing page. The problem with this approach, from the attacker's point of view, is that such a website is tied to a public DNS name and a fixed IP address, so it can be tracked down easily and shut down quickly.
So attackers moved to obfuscating the server address, typically by placing a group of proxy servers in front of it. This approach does not scale well either, and the proxies can still be traced quickly when law enforcement and hosting providers cooperate across borders. Fast Flux Networks were the attackers' next step.
The basic idea behind a Fast Flux Network is to associate many IP addresses with a single malicious domain name and to swap those addresses in and out at very high frequency, e.g. every 3 minutes, by publishing DNS records with very short TTLs and returning a different subset of addresses each time the records change. A browser connecting to the same malicious website therefore sees different IP addresses every 3-4 minutes; each of those addresses belongs to an infected computer that forwards the traffic to the actual malicious server, which is how the real server stays hidden.
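As an added example (not code from the article, and not any real flux network's or detector's code), the following Python simulates the rotation described above on the authoritative-DNS side and shows what a resolver that polls the domain sees over several TTL periods. It also includes a simple detector with the caveat practitioners run into in practice: a short TTL and rotating addresses alone describe a CDN just as well, so the detector additionally requires the advertised addresses to be scattered across many unrelated networks, which is what a pool of infected machines looks like. All addresses, TTLs, rotation windows and thresholds below are constructed assumptions for illustration.

```python
"""Single-flux DNS rotation with a resolver-side detector.

Added example, not code from the original article. The address pool,
the rotation policy, the query schedule and the scoring thresholds are
all constructed here for illustration and are assumptions of this
example, not values taken from any real flux network or detector.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Answer:
    """One DNS response for the domain, as a resolver sees it."""
    ttl: int
    ips: list


class RotatingAuthority:
    """Authoritative DNS behaviour shared by fast-flux domains and CDNs:
    a short TTL and a different subset of addresses in each TTL period.

    For a flux network the pool holds the compromised hosts (flux agents);
    the backend they proxy to is never published in DNS.
    """

    def __init__(self, pool, ttl=180, answer_size=3):
        self.pool = list(pool)
        self.ttl = ttl
        self.answer_size = answer_size

    def resolve(self, t):
        """Answer for a query at time t (seconds). The window over the pool
        advances once per TTL period, so queries inside one period get the
        same (cached) answer and the next period returns new agents."""
        start = (t // self.ttl * self.answer_size) % len(self.pool)
        ips = [self.pool[(start + i) % len(self.pool)] for i in range(self.answer_size)]
        return Answer(ttl=self.ttl, ips=ips)


def observe(authority, interval, count):
    """Query the domain every `interval` seconds, `count` times."""
    return [authority.resolve(i * interval) for i in range(count)]


@dataclass
class FluxReport:
    unique_ips: int
    unique_prefixes: int  # distinct /24 networks seen across all answers
    min_ttl: int
    churn: float  # mean fraction of addresses replaced between consecutive answers
    suspicious: bool


def analyse(answers, max_ttl=300, min_prefixes=4, min_churn=0.5):
    """Score a series of answers. A short TTL alone is not evidence (CDNs
    use short TTLs too); the flux signal is a short TTL combined with
    addresses that keep changing AND are scattered across many unrelated
    networks. Thresholds are assumptions chosen for this example."""
    seen, prefixes = set(), set()
    churn_total, prev = 0.0, None
    for a in answers:
        cur = set(a.ips)
        seen |= cur
        prefixes |= {str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip in cur}
        if prev is not None:
            churn_total += len(cur - prev) / len(cur)
        prev = cur
    churn = churn_total / max(len(answers) - 1, 1)
    min_ttl = min(a.ttl for a in answers)
    suspicious = min_ttl <= max_ttl and len(prefixes) >= min_prefixes and churn >= min_churn
    return FluxReport(len(seen), len(prefixes), min_ttl, churn, suspicious)


# Constructed agent pool: 10.0.0.0/8 addresses chosen to look like hosts in
# ten unrelated networks. They are placeholders, not real infected machines.
FLUX_AGENTS = [
    "10.12.3.7", "10.45.200.9", "10.77.18.44", "10.101.5.3", "10.130.66.21",
    "10.160.9.250", "10.188.140.2", "10.201.77.13", "10.222.31.8", "10.250.4.99",
]
# A CDN also rotates addresses with a short TTL, but they sit in a couple of
# the operator's own prefixes (RFC 5737 documentation ranges used here).
CDN_EDGES = [
    "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13",
    "198.51.100.20", "198.51.100.21",
]


def flux_report():
    """Resolver polls the flux domain once per TTL period for five periods."""
    return analyse(observe(RotatingAuthority(FLUX_AGENTS, ttl=180, answer_size=3), 180, 5))


def cdn_report():
    """Same polling against a CDN-style domain with an even shorter TTL."""
    return analyse(observe(RotatingAuthority(CDN_EDGES, ttl=60, answer_size=2), 60, 5))


if __name__ == "__main__":
    print("flux domain:", flux_report())
    print("cdn domain: ", cdn_report())
```

Running it shows the flux domain advertising all ten agents across five lookups, every answer fully replaced and every address in a different /24, while the CDN-style domain rotates just as aggressively but stays inside two prefixes and is therefore not flagged. In a real investigation the prefix count would be replaced by an ASN or netblock-owner lookup, and the resolver would query the authoritative server directly so that a recursive resolver's cache does not hide the rotation.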