SlideShare a Scribd company logo

Fast flux

Download as PPTX, PDF
Swapnil Patil
Swapnil Patil

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.

Education
1 of 12
INTRODUCTION • WHAT IS FAST FLUX? • LOAD BALANCING • MOTHERSHIPS
bot herder "leases" botnet to "customer" 2 bot herder infects hosts 1 Customer "acquires" phishing kit from malware author 3 Via a registrar, customer registers nameserverservicenetwork.tld and boguswebsitesexample.tld 4 5 Via a registrar, customer fluxes NS records for nameserverservicenetwork.tld $TTL 180 Customer spams phishing email to lure victims to bogus web site 8 STEPS 5-7 repeat as TTLs expire… ANATOMY OF AN ATTACK 6 flux host records for boguswebsitesexample.tld have $TTL 180 Customer uses botnet channel to load bogus web site onto hosts boguswebsitesexample.tld 7
HOW FAST FLUX WORKS
TYPES OF FAST FLUX 1.SINGLE FLUX 2.DOUBLE FLUX
REAL LIFE EXAMPLE;; WHEN: Sat Feb 3 20:08:08 2007 divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] divewithsharks.hk. 1800 IN A 85.207.74.xxx [adsl-ustixxx-74-207-85.bluetone.cz] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 87169 IN A 66.232.119.212 [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 87177 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 20:40:04 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1800 IN A 24.85.102.xxx [xxx.vs.shawcable.net] NEW divewithsharks.hk. 1800 IN A 69.47.177.xxx [d47-69-xxx-177.try.wideopenwest.com] NEW divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 85248 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 82991 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 21:10:07 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1238 IN A 68.150.25.xxx [xxx.ed.shawcable.net] NEW divewithsharks.hk. 1238 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] This one retuns! divewithsharks.hk. 1238 IN A 172.189.83.xxx [xxx.ipt.aol.com] NEW divewithsharks.hk. 1238 IN A 200.115.195.xxx [pcxxx.telecentro.com.ar] NEW divewithsharks.hk. 1238 IN A 213.85.179.xxx [CNT Autonomous System] NEW divewithsharks.hk. 1238 IN NS ns1.world-wr.com. divewithsharks.hk. 1238 IN NS ns2.world-wr.com. ns1.world-wr.com. 83446 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 81189 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net]
ADVANTAGES FOR THE ATTACKER • SIMPLICITY • FRONT-END DISPOSABLE NODES • MULTILAYER SECURITY
FAST-FLUX FOR PHISHING • MORE PLAYERS • MORE TARGETS
MITIGATION • CONTACT PROVIDER OF IP ADDRESS • REMOVE BOT VULNERABILITIES • BLOCK ACCESS TO CONTROLLERINFRASTRUCTURE
REFERENCES • HTTP://WWW.HONEYNET.ORG/NODE/131 • HTTP://SCHOLAR.GOOGLE.CO.IN/SCHOLAR?Q=FAST+FLUX&HL=EN&AS_SDT=0&AS_VIS=1&OI=SCHOLA RT&SA=X&EI=N07CU6ZDKOW48GW374GADW&VED=0CBSQGQMWAA • HTTP://EN.WIKIPEDIA.ORG/WIKI/FAST_FLUX
THANK YOU

Recommended

Introduction to Ethical Hacking pdf file
Introduction to Ethical Hacking pdf fileIntroduction to Ethical Hacking pdf file
Introduction to Ethical Hacking pdf file
debmajumder741249
 
Module 2 (footprinting)
Module 2 (footprinting)Module 2 (footprinting)
Module 2 (footprinting)
Wail Hassan
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OS
Reality Net System Solutions
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
Sina Manavi
 
Sit presentation - Hacking
Sit presentation - HackingSit presentation - Hacking
Sit presentation - Hackingmsolis0710
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pages
leoimpact
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry files
Maxim Suhanov
 

Recommended

Introduction to Ethical Hacking pdf file
Introduction to Ethical Hacking pdf fileIntroduction to Ethical Hacking pdf file
Introduction to Ethical Hacking pdf file
debmajumder741249
 
Module 2 (footprinting)
Module 2 (footprinting)Module 2 (footprinting)
Module 2 (footprinting)
Wail Hassan
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OS
Reality Net System Solutions
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
Sina Manavi
 
Sit presentation - Hacking
Sit presentation - HackingSit presentation - Hacking
Sit presentation - Hackingmsolis0710
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pages
leoimpact
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry files
Maxim Suhanov
 
Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory Forensics
Andrew Case
 
File000125
File000125File000125
File000125Desmond Devendran
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Jared Greenhill
 
HACKING
HACKINGHACKING
HACKING
UpendraSingamsetty
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
gagan deep
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack Presentation
CreditCardFinder
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics
KakshaPatel3
 
Unrestricted file upload
Unrestricted file uploadUnrestricted file upload
Unrestricted file upload
vikram vashisth
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Qazi Anwar
 
H A C K I N Gjk,K
H A C K I N Gjk,KH A C K I N Gjk,K
H A C K I N Gjk,KHudzaifah Hud Azman
 
Blockchain
BlockchainBlockchain
Blockchain
ChrisSwanson37
 
Online Gambling
Online GamblingOnline Gambling
Online Gambling
Amit Shinde
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Svetlin Nakov
 
Hyperledger fabric architecture
Hyperledger fabric architectureHyperledger fabric architecture
Hyperledger fabric architecture
Celine George
 
Cybercrime Awareness
Cybercrime AwarenessCybercrime Awareness
Cybercrime Awareness
Sibesh Singh
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
Sazed Salman
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNSamiable_indian
 

More Related Content

What's hot

Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory Forensics
Andrew Case
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Jared Greenhill
 
HACKING
HACKINGHACKING
HACKING
UpendraSingamsetty
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
gagan deep
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack Presentation
CreditCardFinder
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics
KakshaPatel3
 
Unrestricted file upload
Unrestricted file uploadUnrestricted file upload
Unrestricted file upload
vikram vashisth
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Qazi Anwar
 
Blockchain
BlockchainBlockchain
Blockchain
ChrisSwanson37
 
Online Gambling
Online GamblingOnline Gambling
Online Gambling
Amit Shinde
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Svetlin Nakov
 
Hyperledger fabric architecture
Hyperledger fabric architectureHyperledger fabric architecture
Hyperledger fabric architecture
Celine George
 
Cybercrime Awareness
Cybercrime AwarenessCybercrime Awareness
Cybercrime Awareness
Sibesh Singh
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
Online
 
Social engineering
Social engineeringSocial engineering
Social engineering
Vishal Kumar
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
Sazed Salman
 

What's hot (20)

Next Generation Memory Forensics
Next Generation Memory ForensicsNext Generation Memory Forensics
Next Generation Memory Forensics
 
File000125
File000125File000125
File000125
 
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced ActorsMemory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
Memory Forensics for IR - Leveraging Volatility to Hunt Advanced Actors
 
HACKING
HACKINGHACKING
HACKING
 
Examining computer and evidence collection
Examining computer and evidence collectionExamining computer and evidence collection
Examining computer and evidence collection
 
Sony Playstation Hack Presentation
Sony Playstation Hack PresentationSony Playstation Hack Presentation
Sony Playstation Hack Presentation
 
Legal aspects of digital forensics
Legal aspects of digital forensics Legal aspects of digital forensics
Legal aspects of digital forensics
 
Unrestricted file upload
Unrestricted file uploadUnrestricted file upload
Unrestricted file upload
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
H A C K I N Gjk,K
H A C K I N Gjk,KH A C K I N Gjk,K
H A C K I N Gjk,K
 
Blockchain
BlockchainBlockchain
Blockchain
 
Online Gambling
Online GamblingOnline Gambling
Online Gambling
 
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
Consensus Algorithms - Nakov @ jProfessionals - Jan 2018
 
Hyperledger fabric architecture
Hyperledger fabric architectureHyperledger fabric architecture
Hyperledger fabric architecture
 
Cybercrime Awareness
Cybercrime AwarenessCybercrime Awareness
Cybercrime Awareness
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Preserving and recovering digital evidence
Preserving and recovering digital evidencePreserving and recovering digital evidence
Preserving and recovering digital evidence
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 

Viewers also liked

Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNSamiable_indian
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
Courtland Smith
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
Maarten Balliauw
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
Brian A. McHenry
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
Frank Victory
 
Dns security
Dns securityDns security
Dns security
Dhaval Kapil
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 
DNS Security
DNS SecurityDNS Security
DNS Security
inbroker
 
Let's Lean and Implement flux
Let's Lean and Implement fluxLet's Lean and Implement flux
Let's Lean and Implement flux
大樹 小倉
 
CNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS SecurityCNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS Security
Sam Bowne
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability Patterns
Jonas Bonér
 

Viewers also liked (17)

Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNS
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
The DNS Tunneling Blindspot
The DNS Tunneling BlindspotThe DNS Tunneling Blindspot
The DNS Tunneling Blindspot
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
Dns security
Dns securityDns security
Dns security
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Security of DNS
Security of DNSSecurity of DNS
Security of DNS
 
Let's Lean and Implement flux
Let's Lean and Implement fluxLet's Lean and Implement flux
Let's Lean and Implement flux
 
CNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS SecurityCNIT 40: 1: The Importance of DNS Security
CNIT 40: 1: The Importance of DNS Security
 
DNS Security Presentation ISSA
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability Patterns
 

Recently uploaded

PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Dr. Vinod Kumar Kanvaria
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
amberjdewit93
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
Celine George
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
amberjdewit93
 
MERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDFMERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDF
scholarhattraining
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
Scholarhat
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
chanes7
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
Priyankaranawat4
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
Bisnar Chase Personal Injury Attorneys
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
IreneSebastianRueco1
 

Recently uploaded (20)

PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Reflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdfReflective and Evaluative Practice...pdf
Reflective and Evaluative Practice...pdf
 
How to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold MethodHow to Build a Module in Odoo 17 Using the Scaffold Method
How to Build a Module in Odoo 17 Using the Scaffold Method
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
MERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDFMERN Stack Developer Roadmap By ScholarHat PDF
MERN Stack Developer Roadmap By ScholarHat PDF
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdfANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
ANATOMY AND BIOMECHANICS OF HIP JOINT.pdf
 
Top five deadliest dog breeds in America
Top five deadliest dog breeds in AmericaTop five deadliest dog breeds in America
Top five deadliest dog breeds in America
 
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
RPMS TEMPLATE FOR SCHOOL YEAR 2023-2024 FOR TEACHER 1 TO TEACHER 3
 

Fast flux

  • 1.
  • 2. INTRODUCTION • WHAT IS FAST FLUX? • LOAD BALANCING • MOTHERSHIPS
  • 3. bot herder "leases" botnet to "customer" 2 bot herder infects hosts 1 Customer "acquires" phishing kit from malware author 3 Via a registrar, customer registers nameserverservicenetwork.tld and boguswebsitesexample.tld 4 5 Via a registrar, customer fluxes NS records for nameserverservicenetwork.tld $TTL 180 Customer spams phishing email to lure victims to bogus web site 8 STEPS 5-7 repeat as TTLs expire… ANATOMY OF AN ATTACK 6 flux host records for boguswebsitesexample.tld have $TTL 180 Customer uses botnet channel to load bogus web site onto hosts boguswebsitesexample.tld 7
  • 5. TYPES OF FAST FLUX 1.SINGLE FLUX 2.DOUBLE FLUX
  • 6.
  • 7. REAL LIFE EXAMPLE;; WHEN: Sat Feb 3 20:08:08 2007 divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] divewithsharks.hk. 1800 IN A 85.207.74.xxx [adsl-ustixxx-74-207-85.bluetone.cz] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 87169 IN A 66.232.119.212 [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 87177 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 20:40:04 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1800 IN A 24.85.102.xxx [xxx.vs.shawcable.net] NEW divewithsharks.hk. 1800 IN A 69.47.177.xxx [d47-69-xxx-177.try.wideopenwest.com] NEW divewithsharks.hk. 1800 IN A 70.68.187.xxx [xxx.vf.shawcable.net] divewithsharks.hk. 1800 IN A 90.144.43.xxx [d90-144-43-xxx.cust.tele2.fr] divewithsharks.hk. 1800 IN A 142.165.41.xxx [142-165-41-xxx.msjw.hsdb.sasknet.sk.ca] divewithsharks.hk. 1800 IN NS ns1.world-wr.com. divewithsharks.hk. 1800 IN NS ns2.world-wr.com. ns1.world-wr.com. 85248 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 82991 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net] ;; WHEN: Sat Feb 3 21:10:07 2007 (~30 minutes/1800 seconds later) divewithsharks.hk. 1238 IN A 68.150.25.xxx [xxx.ed.shawcable.net] NEW divewithsharks.hk. 1238 IN A 76.209.81.xxx [SBIS-AS - AT&T Internet Services] This one retuns! divewithsharks.hk. 1238 IN A 172.189.83.xxx [xxx.ipt.aol.com] NEW divewithsharks.hk. 1238 IN A 200.115.195.xxx [pcxxx.telecentro.com.ar] NEW divewithsharks.hk. 1238 IN A 213.85.179.xxx [CNT Autonomous System] NEW divewithsharks.hk. 1238 IN NS ns1.world-wr.com. divewithsharks.hk. 1238 IN NS ns2.world-wr.com. ns1.world-wr.com. 83446 IN A 66.232.119.xxx [HVC-AS - HIVELOCITY VENTURES CORP] ns2.world-wr.com. 81189 IN A 209.88.199.xxx [vpdn-dsl209-88-199-xxx.alami.net]
  • 8. ADVANTAGES FOR THE ATTACKER • SIMPLICITY • FRONT-END DISPOSABLE NODES • MULTILAYER SECURITY
  • 9. FAST-FLUX FOR PHISHING • MORE PLAYERS • MORE TARGETS
  • 10. MITIGATION • CONTACT PROVIDER OF IP ADDRESS • REMOVE BOT VULNERABILITIES • BLOCK ACCESS TO CONTROLLERINFRASTRUCTURE