[EURO-Discuss] SSAC Releases Advice on Fast-Flux Hosting

Nick Ashton-Hart nick.ashton-hart at icann.org
Fri Feb 1 09:30:05 EST 2008


Dear All:

The Stability and Security Advisory Committee has just released an  
updated report on Fast-Flux Hosting and the DNS, which can be accessed  
here:  http://www.icann.org/committees/security/sac025.pdf

From the introduction of the report:

"Fast flux" is an evasion technique that cyber-criminals and Internet  
miscreants use to evade identification and to frustrate law  
enforcement and anticrime efforts aimed at locating and shutting down  
web sites used for illegal purposes. Fast flux hosting is an  
application of technology that supports a wide variety of cyber-crime  
activities (fraud, identity theft, online scams) and is considered one  
of the most serious threats to online activities today. Basic fast  
flux hosting uses rapid modification of IP addresses associated with a  
system that hosts a malicious activity to evade detection and take  
down efforts. This technique is also used to rapidly modify the IP  
addresses of the name servers that resolve the domain names of the  
fluxed malicious hosts (this variant is sometimes called NS fast  
flux). A particularly troublesome variant of fast flux hosting,  
"double flux", fluxes addresses of both name servers and malicious  
(web server) hosts.

This Advisory describes the technical aspects of fast flux hosting and  
fast flux service networks.   It explains how the DNS is exploited to  
abet criminal activities that employ fast flux hosting, identifying  
the impacts of fast flux hosting, and calling particular attention to  
the way such attacks extend the malicious or profitable lifetime of  
the illegal activities conducted using these fast flux techniques.  It  
describes current and possible methods of mitigating fast flux hosting  
at various points in the Internet. The Advisory discusses the pros and  
cons of these mitigation methods, identifies those methods that SSAC  
considers practical and sensible, and recommends that appropriate  
bodies consider policies that would make the practical mitigation  
methods universally available to registrants, ISPs, registrars and  
registries (where applicable for each).
-- 
Regards,

Nick Ashton-Hart
Director, At-Large
ICANN
Main Tel: +33 (450) 40 46 88
USA Tel: +1 (202) 657-5460
Fax: +41 (22) 594-85-44
Mobile: +41 (79) 595 54-68
email: nick.ashton-hart at icann.org
Win IM: ashtonhart at hotmail.com / AIM/iSight: nashtonhart at mac.com /  
Skype: nashtonhart
Online Bio:   https://www.linkedin.com/in/ashtonhart
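
The three variants named in the report's introduction (basic fast flux, NS fast flux and double flux) can be told apart from repeated lookups of one domain. The following Python sketch is an added example, not part of the original message or of the SSAC report; the `Snapshot` type, the thresholds, the `.example` names and the documentation-range addresses are all assumptions.

```python
# Added example: tell fast-flux variants apart from repeated DNS lookups.
# All observations, names and thresholds here are constructed assumptions.
from dataclasses import dataclass

MIN_DISTINCT = 5    # assumed: distinct addresses needed before calling it flux
MIN_TURNOVER = 0.5  # assumed: share of lookups that must reveal unseen addresses

@dataclass(frozen=True)
class Snapshot:
    t: int                # seconds since the first lookup
    host_ips: frozenset   # A records returned for the host name
    ns_ips: frozenset     # addresses of the zone's name servers

def fluxes(address_sets):
    """True when lookups keep revealing addresses never seen before."""
    if len(address_sets) < 2 or len(set().union(*address_sets)) < MIN_DISTINCT:
        return False
    seen, changes = set(address_sets[0]), 0
    for current in address_sets[1:]:
        if current - seen:        # a fixed round-robin pool stops adding here
            changes += 1
        seen |= current
    return changes / (len(address_sets) - 1) >= MIN_TURNOVER

def classify(snapshots):
    snaps = sorted(snapshots, key=lambda s: s.t)
    host = fluxes([s.host_ips for s in snaps])
    ns = fluxes([s.ns_ips for s in snaps])
    if host and ns:
        return "double flux"
    if ns:
        return "NS fast flux"
    return "basic fast flux" if host else "no flux observed"

def snap(t, host_octets, ns_octets):
    # Documentation ranges (RFC 5737) stand in for real addresses.
    return Snapshot(t, frozenset(f"192.0.2.{o}" for o in host_octets),
                    frozenset(f"198.51.100.{o}" for o in ns_octets))

# Six lookups per name, five minutes apart (constructed).
SAMPLES = {
    "double.example": [snap(i * 300, (2*i+1, 2*i+2), (2*i+1, 2*i+2)) for i in range(6)],
    "basic.example": [snap(i * 300, (2*i+1, 2*i+2), (1, 2)) for i in range(6)],
    "nsflux.example": [snap(i * 300, (1,), (2*i+1, 2*i+2)) for i in range(6)],
    "roundrobin.example": [snap(i * 300, (2*(i%3)+1, 2*(i%3)+2), (1, 2)) for i in range(6)],
}

if __name__ == "__main__":
    for name, snaps in SAMPLES.items():
        print(f"{name:20} {classify(snaps)}")
```

Content delivery networks can also return many changing addresses, so a result from this sketch is a lead for further checks rather than a verdict.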






