SlideShare a Scribd company logo

Fast flux

Download as PPTX, PDF
Swapnil Patil
Swapnil Patil

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

Education
1 of 12
INTRODUCTION • WHAT IS FAST FLUX? • LOAD BALANCING • MOTHERSHIPS
bot herder "leases" botnet to "customer" 2 bot herder infects hosts 1 Customer "acquires" phishing kit from malware author 3 Via a registrar, customer registers nameserverservicenetwork.tld and boguswebsitesexample.tld 4 5 Via a registrar, customer fluxes NS records for nameserverservicenetwork.tld $TTL 180 Customer spams phishing email to lure victims to bogus web site 8 STEPS 5-7 repeat as TTLs expire… ANATOMY OF AN ATTACK 6 flux host records for boguswebsitesexample.tld have $TTL 180 Customer uses botnet channel to load bogus web site onto hosts boguswebsitesexample.tld 7
HOW FAST FLUX WORKS
TYPES OF FAST FLUX 1.SINGLE FLUX 2.DOUBLE FLUX
REAL LIFE EXAMPLE;; WHEN: Sat Feb 3 20:08:08 2007 divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] divewithsharks.hk. 1800 IN A 85.207.74.xxx [adsl-ustixxx-74-207-85.bluetone.cz] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 87169 IN A 66.232.119.212 [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 87177 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 20:40:04 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1800 IN A 24.85.102.xxx [xxx.vs.shawcable.net] NEW divewithsharks.hk. 1800 IN A 69.47.177.xxx [d47-69-xxx-177.try.wideopenwest.com] NEW divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 85248 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 82991 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 21:10:07 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1238 IN A 68.150.25.xxx [xxx.ed.shawcable.net] NEW divewithsharks.hk. 1238 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] This one retuns! divewithsharks.hk. 1238 IN A 172.189.83.xxx [xxx.ipt.aol.com] NEW divewithsharks.hk. 1238 IN A 200.115.195.xxx [pcxxx.telecentro.com.ar] NEW divewithsharks.hk. 1238 IN A 213.85.179.xxx [CNT Autonomous System] NEW divewithsharks.hk. 1238 IN NS ns1.world-wr.com. divewithsharks.hk. 1238 IN NS ns2.world-wr.com. ns1.world-wr.com. 83446 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 81189 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net]
ADVANTAGES FOR THE ATTACKER • SIMPLICITY • FRONT-END DISPOSABLE NODES • MULTILAYER SECURITY
FAST-FLUX FOR PHISHING • MORE PLAYERS • MORE TARGETS
MITIGATION • CONTACT PROVIDER OF IP ADDRESS • REMOVE BOT VULNERABILITIES • BLOCK ACCESS TO CONTROLLERINFRASTRUCTURE
REFERENCES • HTTP://WWW.HONEYNET.ORG/NODE/131 • HTTP://SCHOLAR.GOOGLE.CO.IN/SCHOLAR?Q=FAST+FLUX&HL=EN&AS_SDT=0&AS_VIS=1&OI=SCHOLA RT&SA=X&EI=N07CU6ZDKOW48GW374GADW&VED=0CBSQGQMWAA • HTTP://EN.WIKIPEDIA.ORG/WIKI/FAST_FLUX
THANK YOU

Recommended

Security in the blockchain
Security in the blockchainSecurity in the blockchain
Security in the blockchain
Bellaj Badr
 
BITCOIN- A Presentation.
BITCOIN- A Presentation.BITCOIN- A Presentation.
BITCOIN- A Presentation.
Mimansha Bahadur
 
Introduction to Cryptocurrency (Bitcoin)
Introduction to Cryptocurrency (Bitcoin)Introduction to Cryptocurrency (Bitcoin)
Introduction to Cryptocurrency (Bitcoin)
Kashif Khans
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Damien Magoni
 
Cryptocurrency Exchanges - An Introduction
Cryptocurrency Exchanges - An IntroductionCryptocurrency Exchanges - An Introduction
Cryptocurrency Exchanges - An Introduction
Christian Kameir
 
Botnets
BotnetsBotnets
Botnets
Vishwadeep Badgujar
 
Blockchain and Smart Contracts
Blockchain and Smart ContractsBlockchain and Smart Contracts
Blockchain and Smart Contracts
Financial Poise
 

Recommended

Security in the blockchain
Security in the blockchainSecurity in the blockchain
Security in the blockchain
Bellaj Badr
 
BITCOIN- A Presentation.
BITCOIN- A Presentation.BITCOIN- A Presentation.
BITCOIN- A Presentation.
Mimansha Bahadur
 
Introduction to Cryptocurrency (Bitcoin)
Introduction to Cryptocurrency (Bitcoin)Introduction to Cryptocurrency (Bitcoin)
Introduction to Cryptocurrency (Bitcoin)
Kashif Khans
 
Password (in)security
Password (in)securityPassword (in)security
Password (in)security
Enrico Zimuel
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Damien Magoni
 
Cryptocurrency Exchanges - An Introduction
Cryptocurrency Exchanges - An IntroductionCryptocurrency Exchanges - An Introduction
Cryptocurrency Exchanges - An Introduction
Christian Kameir
 
Botnets
BotnetsBotnets
Botnets
Vishwadeep Badgujar
 
Blockchain and Smart Contracts
Blockchain and Smart ContractsBlockchain and Smart Contracts
Blockchain and Smart Contracts
Financial Poise
 
Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt new
Onkar1431
 
Cryptocurrency
CryptocurrencyCryptocurrency
Cryptocurrency
crypt00
 
Bitcoin
BitcoinBitcoin
Bitcoin
ghanbarianm
 
BLOCKCHAIN
BLOCKCHAINBLOCKCHAIN
BLOCKCHAIN
Nitish sharma
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
Mahmoud Ibra
 
Cryptocurrency
CryptocurrencyCryptocurrency
Cryptocurrency
Abdullah Al Mamun
 
BOTNET
BOTNETBOTNET
BOTNET
Arjo Ghosh
 
Cybercrime ppt competition
Cybercrime ppt competitionCybercrime ppt competition
Cybercrime ppt competition
Mumbai University
 
Blockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for LibrariesBlockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for Libraries
Bohyun Kim
 
BitConeView: Visualization of Flows in the Bitcoin Transaction Graph
BitConeView: Visualization of Flows in the Bitcoin Transaction GraphBitConeView: Visualization of Flows in the Bitcoin Transaction Graph
BitConeView: Visualization of Flows in the Bitcoin Transaction Graph
Data Driven Innovation
 
Web3 Infrastructure Thesis
Web3 Infrastructure Thesis Web3 Infrastructure Thesis
Web3 Infrastructure Thesis
SeanStuart17
 
Blockchain
BlockchainBlockchain
Blockchain
Liam Moore
 
Blockchain and distributed ledgers
Blockchain and distributed ledgersBlockchain and distributed ledgers
Blockchain and distributed ledgers
Robin Teigland
 
CRYPTO BLOCKCHAIN.pptx
CRYPTO BLOCKCHAIN.pptxCRYPTO BLOCKCHAIN.pptx
CRYPTO BLOCKCHAIN.pptx
DrTazeentajMahat
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
Blockchain Technology And Cryptocurrency
Blockchain Technology And CryptocurrencyBlockchain Technology And Cryptocurrency
Blockchain Technology And Cryptocurrency
Eno Bassey
 
Blockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesBlockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challenges
Sébastien Tandel
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
stollen_fusion
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Melanie Swan
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNS
amiable_indian
 

More Related Content

What's hot

What's hot (20)

Cyber crime ppt new
Cyber crime ppt newCyber crime ppt new
Cyber crime ppt new
 
Cryptocurrency
CryptocurrencyCryptocurrency
Cryptocurrency
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
BLOCKCHAIN
BLOCKCHAINBLOCKCHAIN
BLOCKCHAIN
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Cryptocurrency
CryptocurrencyCryptocurrency
Cryptocurrency
 
BOTNET
BOTNETBOTNET
BOTNET
 
Cybercrime ppt competition
Cybercrime ppt competitionCybercrime ppt competition
Cybercrime ppt competition
 
Blockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for LibrariesBlockchain: The New Technology and Its Applications for Libraries
Blockchain: The New Technology and Its Applications for Libraries
 
BitConeView: Visualization of Flows in the Bitcoin Transaction Graph
BitConeView: Visualization of Flows in the Bitcoin Transaction GraphBitConeView: Visualization of Flows in the Bitcoin Transaction Graph
BitConeView: Visualization of Flows in the Bitcoin Transaction Graph
 
Web3 Infrastructure Thesis
Web3 Infrastructure Thesis Web3 Infrastructure Thesis
Web3 Infrastructure Thesis
 
Blockchain
BlockchainBlockchain
Blockchain
 
Blockchain and distributed ledgers
Blockchain and distributed ledgersBlockchain and distributed ledgers
Blockchain and distributed ledgers
 
CRYPTO BLOCKCHAIN.pptx
CRYPTO BLOCKCHAIN.pptxCRYPTO BLOCKCHAIN.pptx
CRYPTO BLOCKCHAIN.pptx
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Blockchain Technology And Cryptocurrency
Blockchain Technology And CryptocurrencyBlockchain Technology And Cryptocurrency
Blockchain Technology And Cryptocurrency
 
Blockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challengesBlockchain overview, use cases, implementations and challenges
Blockchain overview, use cases, implementations and challenges
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
Bitcoin Protocols 1.0 and 2.0 Explained in the Series: Blockchain: The Inform...
 

Viewers also liked

Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNS
amiable_indian
 

Viewers also liked (17)

Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNS
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
Dns security
Dns securityDns security
Dns security
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Security of DNS
Security of DNSSecurity of DNS
Security of DNS
 
Let's Lean and Implement flux
Let's Lean and Implement fluxLet's Lean and Implement flux
Let's Lean and Implement flux
 
CNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS SecurityCNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS Security
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability Patterns
 

Recently uploaded

MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MysoreMuleSoftMeetup
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
EADTU
 
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdfContoh Aksi Nyata Refleksi Diri ( NUR ).pdf
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf
cupulin
 
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
nhezmainit1
 
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community PartnershipsSpring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
expandedwebsite
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
CaitlinCummins3
 

Recently uploaded (20)

UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
 
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
 
UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024UChicago CMSC 23320 - The Best Commit Messages of 2024
UChicago CMSC 23320 - The Best Commit Messages of 2024
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdfContoh Aksi Nyata Refleksi Diri ( NUR ).pdf
Contoh Aksi Nyata Refleksi Diri ( NUR ).pdf
 
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
PS-Policies-on-Enrolment-Transfer-of-Docs-Checking-of-School-Forms-and-SF10-a...
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
Major project report on Tata Motors and its marketing strategies
Major project report on Tata Motors and its marketing strategiesMajor project report on Tata Motors and its marketing strategies
Major project report on Tata Motors and its marketing strategies
 
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community PartnershipsSpring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
 
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
 
Trauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical PrinciplesTrauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical Principles
 
ESSENTIAL of (CS/IT/IS) class 07 (Networks)
ESSENTIAL of (CS/IT/IS) class 07 (Networks)ESSENTIAL of (CS/IT/IS) class 07 (Networks)
ESSENTIAL of (CS/IT/IS) class 07 (Networks)
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptxAnalyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

Fast flux

  • 1.
  • 2. INTRODUCTION • WHAT IS FAST FLUX? • LOAD BALANCING • MOTHERSHIPS
  • 3. bot herder "leases" botnet to "customer" 2 bot herder infects hosts 1 Customer "acquires" phishing kit from malware author 3 Via a registrar, customer registers nameserverservicenetwork.tld and boguswebsitesexample.tld 4 5 Via a registrar, customer fluxes NS records for nameserverservicenetwork.tld $TTL 180 Customer spams phishing email to lure victims to bogus web site 8 STEPS 5-7 repeat as TTLs expire… ANATOMY OF AN ATTACK 6 flux host records for boguswebsitesexample.tld have $TTL 180 Customer uses botnet channel to load bogus web site onto hosts boguswebsitesexample.tld 7
  • 5. TYPES OF FAST FLUX 1.SINGLE FLUX 2.DOUBLE FLUX
  • 6.
  • 7. REAL LIFE EXAMPLE;; WHEN: Sat Feb 3 20:08:08 2007 divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] divewithsharks.hk. 1800 IN A 85.207.74.xxx [adsl-ustixxx-74-207-85.bluetone.cz] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 87169 IN A 66.232.119.212 [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 87177 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 20:40:04 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1800 IN A 24.85.102.xxx [xxx.vs.shawcable.net] NEW divewithsharks.hk. 1800 IN A 69.47.177.xxx [d47-69-xxx-177.try.wideopenwest.com] NEW divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 85248 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 82991 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 21:10:07 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1238 IN A 68.150.25.xxx [xxx.ed.shawcable.net] NEW divewithsharks.hk. 1238 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] This one retuns! divewithsharks.hk. 1238 IN A 172.189.83.xxx [xxx.ipt.aol.com] NEW divewithsharks.hk. 1238 IN A 200.115.195.xxx [pcxxx.telecentro.com.ar] NEW divewithsharks.hk. 1238 IN A 213.85.179.xxx [CNT Autonomous System] NEW divewithsharks.hk. 1238 IN NS ns1.world-wr.com. divewithsharks.hk. 1238 IN NS ns2.world-wr.com. ns1.world-wr.com. 83446 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 81189 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net]
  • 8. ADVANTAGES FOR THE ATTACKER • SIMPLICITY • FRONT-END DISPOSABLE NODES • MULTILAYER SECURITY
  • 9. FAST-FLUX FOR PHISHING • MORE PLAYERS • MORE TARGETS
  • 10. MITIGATION • CONTACT PROVIDER OF IP ADDRESS • REMOVE BOT VULNERABILITIES • BLOCK ACCESS TO CONTROLLERINFRASTRUCTURE