[AFRI-Discuss] SSAC Releases Advice on Fast-Flux Hosting
Nick Ashton-Hart
nick.ashton-hart at icann.org
Fri Feb 1 09:30:22 EST 2008
Dear All:

The Stability and Security Advisory Committee has just released an
updated report on Fast-Flux Hosting and the DNS, which can be accessed
here: http://www.icann.org/committees/security/sac025.pdf

From the introduction of the report:

"Fast flux" is an evasion technique that cyber-criminals and Internet
miscreants use to evade identification and to frustrate law
enforcement and anticrime efforts aimed at locating and shutting down
web sites used for illegal purposes. Fast flux hosting is an
application of technology that supports a wide variety of cyber-crime
activities (fraud, identity theft, online scams) and is considered one
of the most serious threats to online activities today. Basic fast
flux hosting uses rapid modification of IP addresses associated with a
system that hosts a malicious activity to evade detection and take
down efforts. This technique is also used to rapidly modify the IP
addresses of the name servers that resolve the domain names of the
fluxed malicious hosts (this variant is sometimes called NS fast
flux). A particularly troublesome variant of fast flux hosting,
"double flux", fluxes addresses of both name servers and malicious
(web server) hosts.

This Advisory describes the technical aspects of fast flux hosting and
fast flux service networks. It explains how the DNS is exploited to
abet criminal activities that employ fast flux hosting, identifying
the impacts of fast flux hosting, and calling particular attention to
the way such attacks extend the malicious or profitable lifetime of
the illegal activities conducted using these fast flux techniques. It
describes current and possible methods of mitigating fast flux hosting
at various points in the Internet. The Advisory discusses the pros and
cons of these mitigation methods, identifies those methods that SSAC
considers practical and sensible, and recommends that appropriate
bodies consider policies that would make the practical mitigation
methods universally available to registrants, ISPs, registrars and
registries (where applicable for each).
--
Regards,
Nick Ashton-Hart
Director, At-Large
ICANN
Main Tel: +33 (450) 40 46 88
USA Tel: +1 (202) 657-5460
Fax: +41 (22) 594-85-44
Mobile: +41 (79) 595 54-68
email: nick.ashton-hart at icann.org
Win IM: ashtonhart at hotmail.com / AIM/iSight: nashtonhart at mac.com /
Skype: nashtonhart
Online Bio: https://www.linkedin.com/in/ashtonhart
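
The three variants named in the report's introduction (basic fast flux, NS fast flux, double flux) can be told apart from passive DNS observations. The sketch below is an added example, not part of the message or the SSAC report; the window length, the threshold, the record layout and the .example names and documentation-range addresses are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 3600   # assumed observation window
MAX_STABLE_ADDRS = 3    # assumed: more distinct addresses per window counts as fluxing


def max_addrs_per_window(records, owners):
    """Largest number of distinct A-record addresses seen for `owners` in any one window."""
    buckets = defaultdict(set)
    for ts, owner, rtype, rdata in records:
        if rtype == "A" and owner in owners:
            buckets[ts // WINDOW_SECONDS].add(rdata)
    return max((len(addrs) for addrs in buckets.values()), default=0)


def classify_flux(records, domain):
    """Label a domain 'stable', 'basic flux', 'NS flux' or 'double flux'."""
    ns_names = {rdata for _, owner, rtype, rdata in records
                if rtype == "NS" and owner == domain}
    host_flux = max_addrs_per_window(records, {domain}) > MAX_STABLE_ADDRS
    ns_flux = max_addrs_per_window(records, ns_names) > MAX_STABLE_ADDRS
    if host_flux and ns_flux:
        return "double flux"
    if ns_flux:
        return "NS flux"
    return "basic flux" if host_flux else "stable"


def sample_records():
    """Constructed observations: (seconds, owner name, record type, record data)."""
    recs = []
    cases = {"stable.example": (False, False), "hostflux.example": (True, False),
             "nsflux.example": (False, True), "doubleflux.example": (True, True)}
    for domain, (host_rotates, ns_rotates) in cases.items():
        ns = "ns1." + domain
        recs.append((0, domain, "NS", ns))
        for i in range(6):  # one resolution every 10 minutes
            host_octet = i + 1 if host_rotates else 1
            ns_octet = i + 1 if ns_rotates else 1
            recs.append((i * 600, domain, "A", f"198.51.100.{host_octet}"))
            recs.append((i * 600, ns, "A", f"203.0.113.{ns_octet}"))
    return recs


if __name__ == "__main__":
    records = sample_records()
    for name in ("stable.example", "hostflux.example", "nsflux.example", "doubleflux.example"):
        print(name, "->", classify_flux(records, name))
```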