Fast Flux
Fast flux is a DNS technique used by attackers to rapidly change the IP addresses associated with a domain — sometimes cycling through hundreds of IPs within minutes. It is used to make C2 servers and phishing sites resistant to IP-based blocking and takedowns.
Frequently Asked Questions
How is Fast Flux related to DNS (Domain Name System)?
Fast flux is a DNS technique, and both are key concepts in threat intelligence. The Domain Name System (DNS) translates human-readable domain names (like ismalicious.com) into IP addresses, and fast flux rapidly changes the IP addresses a domain resolves to. DNS data is a rich source of threat intelligence: malicious domains, fast-flux networks, DNS tunneling, and typosquatting are all detectable via DNS analysis.
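As an illustration of detecting fast flux through DNS analysis, the sketch below (an added example, not part of the original page) counts distinct A-record answers per domain inside a sliding time window. The domain names, the sample observations, the 5-minute window and the 20-address threshold are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed passive-DNS observations: (timestamp, domain, A record).

    All addresses come from documentation ranges; nothing here is real data.
    """
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    obs = []
    for i in range(60):
        ts = t0 + timedelta(seconds=10 * i)
        # flux.example returns a new address on every lookup.
        obs.append((ts, "flux.example", f"198.51.100.{i + 1}"))
        # stable.example alternates between the same two addresses.
        obs.append((ts, "stable.example", f"192.0.2.{1 + i % 2}"))
    return sorted(obs)


def flag_fast_flux(observations, window=timedelta(minutes=5), min_distinct_ips=20):
    """Return {domain: peak distinct-IP count} for domains whose answers
    reach min_distinct_ips different addresses within any sliding window.

    observations must be ordered by timestamp.
    """
    recent = defaultdict(deque)  # domain -> (timestamp, ip) pairs still in window
    peak = defaultdict(int)      # domain -> highest distinct-IP count seen
    for ts, domain, ip in observations:
        q = recent[domain]
        q.append((ts, ip))
        # Drop answers that have aged out of the window.
        while ts - q[0][0] > window:
            q.popleft()
        peak[domain] = max(peak[domain], len({addr for _, addr in q}))
    return {d: n for d, n in peak.items() if n >= min_distinct_ips}


if __name__ == "__main__":
    for domain, count in flag_fast_flux(build_sample()).items():
        print(f"{domain}: {count} distinct IPs within 5 minutes")
```

Legitimate CDNs and round-robin DNS also rotate addresses, so a hit from a heuristic like this is a lead for review, not a verdict.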