Fast Flux / Double Fast flux

Overview

Fast flux: In addition to falsifying their IP address, attackers can hide their identity by using this technique, which relies on fast-changing location-related information to conceal where the attack is coming from. Variants exist, such as single flux (constantly changing the address of the web server) and double flux (constantly changing the address of the web server and the names of the DNS servers).

Real case abuse

Tools

Research

Mitigation

References