Someone pointed out to me that the meaning of the term “fast-flux” is not widely known (when talking about the storm worm). Did a quick dig on wikipedia and found an OK explanation,
http://en.wikipedia.org/wiki/Fast_flux :
“The simplest type of fast flux, referred to as “single-flux”, is characterized by multiple individual nodes within the network registering and de-registering their addresses as part of the DNS A (address) record list for a single DNS name. This combines round robin DNS with very short TTL (time to live) values to create a constantly changing list of destination addresses for that single DNS name. The list can be hundreds or thousands of entries long. A more sophisticated type of fast flux, referred to as “double-flux”, is characterized by multiple nodes within the network registering and de-registering their addresses as part of the DNS SOA (start of authority) record list for the DNS zone. This provides an additional layer of redundancy and survivability within the malware network.”Cheers,
Recent posts
- Wonderful networking cheat sheets…
- Monty Python goes 2.0
- Q.P - On my way to Borås & Jönköping…
- Does this mean…
- Aspire One wallpaper, Tree
Categories
- censorship
- cryptography
- democracy
- dns
- exploit
- fraud
- linux
- malware
- microsoft
- misc
- networking
- party
- patents
- personal
- privacy
- programming
- reverse engineering
- security
- standards
- vista
- webapps
- work
Links
- Anti-virus Rants
- Henrik Alexandersson (HAX)
- Nyström’s fotoblog
- Opassande
- Oscar Swartz
- Panda Labs
- Panda Research
- PCM International
- Piratpartiet
- Rick Falkvinge (pp)
- Rosetta Sten
sdas
All photos and media by Daniel Nyström that is published on this site is licensed under a Creative Commons Attribution-Share Alike 2.5 Sweden License if nothing else is mentioned in the caption or description.