NSA Warns 'Fast Flux' Threatens National Security
Saturday 5 April 2025, 00:20, by Slashdot
'This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection,' the NSA, FBI, and their counterparts from Canada, Australia, and New Zealand warned Thursday. 'Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations.'

There are two variations of fast flux described in the advisory: single flux and double flux.

Single flux involves mapping a single domain to a rotating pool of IP addresses using DNS A (IPv4) or AAAA (IPv6) records. This constant cycling makes it difficult for defenders to track or block the associated malicious servers since the addresses change frequently, yet the domain name remains consistent.

Double flux takes this a step further by also rotating the DNS name servers themselves. In addition to changing the IP addresses of the domain, it cycles through the name servers using NS (Name Server) and CNAME (Canonical Name) records. This adds an additional layer of obfuscation and resilience, complicating takedown efforts.

'A key means for achieving this is the use of Wildcard DNS records,' notes Ars. 'These records define zones within the Domain Name System, which map domains to IP addresses. The wildcards cause DNS lookups for subdomains that do not exist, specifically by tying MX (mail exchange) records used to designate mail servers. The result is the assignment of an attacker IP to a subdomain such as malicious.example.com, even though it doesn't exist.'

Both methods typically rely on large botnets of compromised devices acting as proxies, making it challenging for defenders to trace or disrupt the malicious activity.
https://it.slashdot.org/story/25/04/04/2059211/nsa-warns-fast-flux-threatens-national-security?utm_s...
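An added example, not taken from the advisory or the Slashdot story: detection logic that separates the two variations described above by measuring how often a domain's address answers (A/AAAA) and name-server answers (NS/CNAME) introduce never-seen values across observation windows. The row format, the 0.5 churn threshold and the function names are assumptions, and the domains and addresses are constructed from reserved documentation ranges.

```python
from collections import defaultdict

ADDRESS_TYPES = {"A", "AAAA"}       # rotated in single flux
NAMESERVER_TYPES = {"NS", "CNAME"}  # additionally rotated in double flux
CHURN_THRESHOLD = 0.5               # assumption: tune against your own baseline

def sample_observations():
    """Constructed passive-DNS rows (hour, domain, rtype, value); reserved names/addresses."""
    rows = []
    for hour in range(6):
        for host in (10, 11, 12):  # fixed round-robin pool: several addresses, no rotation
            rows.append((hour, "pool.example", "A", f"192.0.2.{host}"))
        rows.append((hour, "pool.example", "NS", "ns1.pool.example"))
        rows.append((hour, "single.example", "A", f"198.51.100.{hour + 1}"))
        rows.append((hour, "single.example", "AAAA", f"2001:db8::{hour + 1}"))
        rows.append((hour, "single.example", "NS", "ns1.single.example"))
        rows.append((hour, "double.example", "A", f"203.0.113.{hour + 1}"))
        rows.append((hour, "double.example", "NS", f"ns{hour + 1}.double.example"))
    return rows

def churn(windows):
    """Fraction of observation windows (after the first) that introduce a never-seen value."""
    seen, fresh, hours = set(), 0, sorted(windows)
    for i, hour in enumerate(hours):
        if i and windows[hour] - seen:
            fresh += 1
        seen |= windows[hour]
    return fresh / (len(hours) - 1) if len(hours) > 1 else 0.0

def classify(rows):
    """Label each domain from how its address and name-server answers rotate over time."""
    addr = defaultdict(lambda: defaultdict(set))
    ns = defaultdict(lambda: defaultdict(set))
    for hour, domain, rtype, value in rows:
        if rtype in ADDRESS_TYPES:
            addr[domain][hour].add(value)
        elif rtype in NAMESERVER_TYPES:
            ns[domain][hour].add(value.lower().rstrip("."))
    verdicts = {}
    for domain in sorted(set(addr) | set(ns)):
        addr_rot = churn(addr[domain]) >= CHURN_THRESHOLD
        ns_rot = churn(ns[domain]) >= CHURN_THRESHOLD
        verdicts[domain] = ("double-flux candidate" if addr_rot and ns_rot
                            else "single-flux candidate" if addr_rot else "stable")
    return verdicts

if __name__ == "__main__":
    for domain, verdict in classify(sample_observations()).items():
        print(f"{domain}: {verdict}")
```

Measuring new values per window rather than counting distinct addresses keeps a fixed load-balancing pool (pool.example) from being flagged; a verdict is a candidate for review, since content delivery networks can also rotate answers.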