Posted on 04/04/2025 3:35:54 PM PDT by Governor Dinwiddie
An anonymous reader quotes a report from Ars Technica:
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure. It also provides redundancy. By the time defenders block one address or domain, new ones have already been assigned.

There are two variations of fast flux described in the advisory: single flux and double flux. Single flux involves mapping a single domain to a rotating pool of IP addresses using DNS A (IPv4) or AAAA (IPv6) records. This constant cycling makes it difficult for defenders to track or block the associated malicious servers since the addresses change frequently, yet the domain name remains consistent.

"This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection," the NSA, FBI, and their counterparts from Canada, Australia, and New Zealand warned Thursday. "Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations."
Double flux takes this a step further by also rotating the DNS name servers …
(Excerpt) Read more at it.slashdot.org ...
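As an added illustration (not part of the report or of any post in this thread), a small Python sketch of how a log of repeated resolutions could be scored for single-flux behaviour, i.e. a domain whose A-record pool keeps changing, as opposed to a CDN whose fixed pool merely rotates. The domain names, addresses and thresholds are all constructed.

```python
# Added example, not from the advisory or the thread: score how quickly a
# domain's A-record pool changes across successive lookups.
# "cdn-example.test" mimics a stable four-address pool (like the nslookup
# output quoted later in the thread); "flux-example.test" mimics a domain
# whose answers keep bringing in new addresses from unrelated networks.
from ipaddress import ip_network

# Constructed data: (observation_index, domain, ttl_seconds, answered_ipv4_set)
CDN_POOL = {"151.101.66.187", "151.101.194.187", "151.101.130.187", "151.101.2.187"}
OBSERVATIONS = [
    (0, "cdn-example.test", 60, set(CDN_POOL)),
    (1, "cdn-example.test", 60, set(CDN_POOL)),
    (2, "cdn-example.test", 60, set(CDN_POOL)),
    (0, "flux-example.test", 300, {"198.51.100.7", "203.0.113.44", "192.0.2.91"}),
    (1, "flux-example.test", 300, {"198.51.100.7", "203.0.113.201", "192.0.2.15"}),
    (2, "flux-example.test", 300, {"203.0.113.9", "192.0.2.230", "198.51.100.66"}),
]

def flux_metrics(observations, domain):
    """Return (distinct_ips, mean_churn, distinct_slash16_prefixes) for one domain.

    churn of an answer = share of its addresses never returned in an earlier answer.
    A stable CDN pool has churn 0; a fluxing pool keeps introducing new addresses.
    """
    snaps = [ips for _, d, _, ips in sorted(observations, key=lambda o: o[0]) if d == domain]
    seen, churn = set(), []
    for ips in snaps:
        if seen:  # the first answer has no baseline to compare against
            churn.append(len(ips - seen) / len(ips))
        seen |= ips
    mean_churn = sum(churn) / len(churn) if churn else 0.0
    # crude network-diversity proxy: distinct /16 prefixes (an ASN lookup would be better)
    prefixes = {ip_network(f"{ip}/16", strict=False) for ip in seen}
    return len(seen), mean_churn, len(prefixes)

def is_fast_flux_candidate(observations, domain, min_ips=6, min_churn=0.5, min_prefixes=3):
    """Illustrative thresholds only. Note that short TTLs alone do not discriminate:
    CDNs also use them, so the decision rests on churn and address diversity."""
    ips, churn, prefixes = flux_metrics(observations, domain)
    return ips >= min_ips and churn >= min_churn and prefixes >= min_prefixes

if __name__ == "__main__":
    for name in ("cdn-example.test", "flux-example.test"):
        print(name, flux_metrics(OBSERVATIONS, name), is_fast_flux_candidate(OBSERVATIONS, name))
```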
It would be possible to design a secure trusted internet architecture, but western intelligence agencies don’t want a secure internet because they want to spy on western people. It would be simple enough to exclude non-trusted actors and cut off access to bad actors. It’s a bit like election security. You can get it, but you have to actually want it.
I'm worried about the Double Secret Fluxation.
So that's how our corrupt Democrats collect their filthy lucre! Makes it hard for the DOGE Boys to ferret them out.
I'm afraid in that case you are totally fluxed.
Isn’t the Web a great place?
That’s the one the NSA uses against us.
Paging Mr. Musk, will Mr. Elon Musk please pick up the white courtesy phone?
This is already a known and easily defeated tactic.
> I'm afraid in that case you are totally fluxed.
Not if you have the New Improved Double Secret Flux Capacitor!
Perhaps you could elaborate on that statement?
“Mapping a single domain to a rotating pool of IP addresses using DNS” is an early form of load sharing.
What did you expect them to say? “Yup, you got us, we suck, nice catch?”
Case in point:
$ nslookup target.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: target.com
Address: 151.101.66.187
Name: target.com
Address: 151.101.194.187
Name: target.com
Address: 151.101.130.187
Name: target.com
Address: 151.101.2.187
p
bump for later
It's the same reason I get spam calls every day (99% are hangups). They can be stopped, but lucre for the telephone companies overrides my peace and quiet.