Fast-flux is a technique used by cybercriminals to hide the web servers behind a domain, and their location by IP address, from identification. It abuses the Domain Name System (DNS): a botnet of compromised hosts serves as a constantly rotating set of front-end nodes, which are added and taken down so quickly that they are hard to identify and block before the addresses have changed again.
Fast-flux takes advantage of the load-balancing feature of DNS, where a single host name can point to several machines. An administrator can register multiple IP addresses (several A records) for one host name, and resolvers hand them out in rotation (round-robin DNS) to spread traffic across multiple servers. Normally the addresses behind a domain do not change, or change only infrequently. Cybercriminals, on the other hand, hide their servers by setting the time-to-live (TTL) field of the DNS resource records to one minute or less and swapping the addresses at the shortest possible intervals. The domain name itself stays the same; what changes permanently is the set of IP addresses it resolves to. Moreover, the domains are registered in countries that still have no or only lax laws against cybercrime.
Fast-flux exists in a simple form called single-flux. In this constellation, many individual bot nodes are registered as the IP addresses of the domain, with a very short time-to-live (TTL), so that the domain resolves to a constantly changing set of addresses. Double-flux, the second fast-flux constellation, adds a further layer of redundancy: not only the A records of the host name but also the addresses of the domain's authoritative name servers (its NS records) are rotated through the botnet in the same way, so there is no stable name server to block or seize either.
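The following is an added example, not code from the original page: it applies the single-flux and double-flux characteristics described above (short TTL, many distinct and widely scattered A records, and, for double-flux, rotating name-server addresses) to a series of repeated lookups of one hostname. The lookups are constructed placeholder data with 10.x.x.x and RFC 5737 documentation addresses, and the thresholds are illustrative assumptions rather than values from the text.

```python
"""Fast-flux heuristics applied to repeated DNS lookups of one hostname.

Added example with constructed placeholder data, not captured traffic;
the addresses and thresholds below are illustrative assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Lookup:
    """One observed resolution of a hostname, taken after the previous TTL expired."""
    a_records: list      # IPs returned in the answer section
    ttl: int             # TTL of those A records in seconds
    ns_ips: list         # IPs of the authoritative name servers at that moment


def net16(ip: str) -> str:
    """Collapse an IP to its /16 so we can count how widely the hosts are spread."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))


def flux_report(lookups, max_ttl=300, min_ips=10, min_nets=5, min_ns=3):
    """Score a series of lookups of one hostname.

    Single-flux: short TTL plus many distinct, widely scattered A records
    (compromised hosts in many networks rather than one hosting /16).
    Double-flux: the same, and the authoritative NS addresses rotate as well.
    A short TTL on its own is NOT flux; CDNs use short TTLs with a stable pool.
    """
    ips = {ip for lk in lookups for ip in lk.a_records}
    ns = {ip for lk in lookups for ip in lk.ns_ips}
    nets = {net16(ip) for ip in ips}
    ttl_seen = max(lk.ttl for lk in lookups)
    single = ttl_seen <= max_ttl and len(ips) >= min_ips and len(nets) >= min_nets
    if single and len(ns) >= min_ns:
        verdict = "double-flux"
    elif single:
        verdict = "single-flux"
    else:
        verdict = "none"
    return {"unique_ips": len(ips), "unique_nets": len(nets),
            "unique_ns_ips": len(ns), "max_ttl": ttl_seen, "verdict": verdict}


# Constructed sample series (placeholder 10.x and RFC 5737 addresses).
# Benign CDN-style name: short TTL, but the same three hosts in one /16 every time,
# returned in rotated order as round-robin DNS would.
_CDN_POOL = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
CDN_LOOKUPS = [
    Lookup(_CDN_POOL[i % 3:] + _CDN_POOL[:i % 3], ttl=60, ns_ips=["198.51.100.53"])
    for i in range(5)
]

# Single-flux: five new bot IPs per lookup, each in a different /16, stable NS.
SINGLE_FLUX_LOOKUPS = [
    Lookup([f"10.{5 * t + i}.{i + 1}.{t + 10}" for i in range(5)],
           ttl=60, ns_ips=["192.0.2.53"])
    for t in range(5)
]

# Double-flux: as above, but the authoritative NS address changes every lookup too.
DOUBLE_FLUX_LOOKUPS = [
    Lookup([f"10.{5 * t + i}.{i + 1}.{t + 10}" for i in range(5)],
           ttl=60, ns_ips=[f"10.{200 + t}.0.53"])
    for t in range(5)
]

if __name__ == "__main__":
    for name, series in [("cdn", CDN_LOOKUPS), ("single", SINGLE_FLUX_LOOKUPS),
                         ("double", DOUBLE_FLUX_LOOKUPS)]:
        print(name, flux_report(series))
```

The CDN series is included deliberately: it has the same 60-second TTL as the flux series, so a detector keyed on TTL alone would flag it. The distinguishing signals are the number of distinct addresses accumulated over successive lookups and how many different /16 networks they fall into, plus, for double-flux, whether the name-server addresses themselves move.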
Fast-flux botnets are used for illegal activities and to host malicious content, for example phishing websites, malware distribution sites, right-wing extremist content and websites that are extremely harmful to minors.