Flux networks

9/22/2023

Figure: Robtex DNS Analysis of a fast fluxing domain.

Fast flux is a domain name system (DNS) based evasion technique used by cyber criminals to hide phishing and malware delivery websites behind an ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master, a bulletproof autonomous system. It can also refer to the combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection used to make malware networks more resistant to discovery and counter-measures.

The fundamental idea behind fast-flux is to have numerous IP addresses associated with a single fully qualified domain name, where the IP addresses are swapped in and out with extremely high frequency by changing DNS resource records; thus the authoritative name servers of the fast-fluxing domain name are, in most cases, hosted by the criminal actor.

Depending on the configuration and complexity of the infrastructure, fast-fluxing is generally classified into single, double, and domain fast-flux networks. Fast-fluxing remains an intricate problem in network security and current countermeasures remain ineffective.

Fast-fluxing was first reported by the security researchers William Salusky and Robert Danford of The Honeynet Project in 2007; the following year, in 2008, they released a systematic study of fast-flux service networks. Rock Phish (2004) and Storm Worm (2007) were two notable fast-flux service networks which were used for malware distribution and phishing.

Fast-flux service network

A fast-flux service network (FFSN) is a network infrastructure resulting from the fast-fluxed network of compromised hosts; the technique is also used by legitimate service providers such as content distribution networks (CDNs), where the dynamic IP address is converted to match the domain name of the internet host, usually for the purpose of load balancing using round-robin domain name system (RR-DNS). The purpose of using FFSN infrastructure for the botnets is to relay network requests and act as a proxy to the backend bulletproof content server, which functions as an "origin server". The frontend bots, which act as ephemeral hosts affixed to a control master, are called flux-agents; their network availability is indeterminate due to the dynamic nature of fast-fluxing. The backend motherships do not establish direct communication with the user agents; rather, every action is reverse-proxied through compromised frontend nodes, effectively making the attack long-lasting and resilient against takedown attempts.

Types

Figure: An illustration of single and double DNS fast-fluxing networks.

Fast-fluxing is generally classified into two types: single fluxing and double fluxing, a build-on implementation over single fluxing.
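As an added example (not part of the original page), here is a small detection heuristic for the behaviour described above: one name resolving to many addresses that rotate quickly and are spread over unrelated networks, with a CDN-like name included to show why a short TTL alone is not enough. The observations, the thresholds, and the /16 grouping used in place of real AS lookups are all assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed passive-DNS A-record observations: (unix_time, qname, ip, ttl_seconds).
# Names and addresses are placeholders from reserved documentation/benchmark ranges.
OBSERVATIONS = [
    (0, "flux.example", "192.0.2.10", 180), (0, "flux.example", "198.51.100.7", 180),
    (200, "flux.example", "203.0.113.54", 180), (200, "flux.example", "198.18.44.9", 180),
    (400, "flux.example", "198.19.201.3", 180), (400, "flux.example", "192.0.2.200", 180),
    (0, "cdn.example", "198.51.100.20", 60), (200, "cdn.example", "198.51.100.21", 60),
    (400, "cdn.example", "198.51.100.22", 60),
    (0, "static.example", "203.0.113.5", 86400), (400, "static.example", "203.0.113.5", 86400),
]

# Assumed thresholds for illustration; tune against your own resolver data.
MAX_TTL, MIN_IPS, MIN_NETS = 300, 5, 3


def features(observations):
    """Aggregate per-domain features from A-record observations."""
    first_seen = defaultdict(dict)   # domain -> {ip: earliest timestamp}
    ttls = defaultdict(list)
    for ts, qname, ip, ttl in observations:
        domain = qname.lower().rstrip(".")
        ipaddress.ip_address(ip)     # reject malformed addresses early
        first_seen[domain][ip] = min(ts, first_seen[domain].get(ip, ts))
        ttls[domain].append(ttl)
    out = {}
    for domain, ips in first_seen.items():
        start = min(ips.values())
        # /16 prefix is a coarse stand-in for origin-AS diversity (assumption).
        nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
        out[domain] = {
            "distinct_ips": len(ips),
            "distinct_nets": len(nets),
            "median_ttl": median(ttls[domain]),
            "rotated_in": sum(1 for t in ips.values() if t > start),
        }
    return out


def is_flux_candidate(f):
    """Short TTLs alone also match CDNs, so require wide address dispersion too."""
    return (f["median_ttl"] <= MAX_TTL and f["distinct_ips"] >= MIN_IPS
            and f["distinct_nets"] >= MIN_NETS)


if __name__ == "__main__":
    for name, f in sorted(features(OBSERVATIONS).items()):
        print(name, f, "CANDIDATE" if is_flux_candidate(f) else "ok")
```

A candidate flag is a lead for review, not a verdict: legitimate round-robin and CDN deployments can cross these thresholds, so confirm with AS ownership and hosting type before acting.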