Fast Flux Botnet Data Service
From MilcordWiki
What is fast flux?
Fast flux is the rapid and repeated changing of host and/or name server resource records, so that the IP address to which the domain name of an Internet host or name server resolves keeps changing. There are three main variants of fast flux hosting:
- Basic fast flux hosting, where IP addresses of malicious web sites are fluxed
- Name Server (NS) fluxing, where IP addresses of DNS name servers are fluxed
- Double flux, where IP addresses of web sites and name servers are fluxed
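As an added illustration (not Milcord's detection method or code), the three variants can be told apart from repeated DNS observations by checking whether the A records of the domain, of its name servers, or of both keep changing under short TTLs. The thresholds, function names and sample observations below are assumptions constructed for the example.

```python
from collections import defaultdict

def answer_sets(obs, owner):
    """Return the set of A-record IPs seen for `owner` at each poll, in time order."""
    snaps = defaultdict(set)
    for ts, name, rtype, rdata, _ttl in obs:
        if name == owner and rtype == "A":
            snaps[ts].add(rdata)
    return [snaps[ts] for ts in sorted(snaps)]

def is_fluxing(obs, owner, min_changes=2, max_ttl=300):
    """Assumed heuristic: short TTLs plus an answer set that changes between polls."""
    ttls = [ttl for _, name, rtype, _, ttl in obs if name == owner and rtype == "A"]
    sets = answer_sets(obs, owner)
    changes = sum(1 for a, b in zip(sets, sets[1:]) if a != b)
    return bool(ttls) and max(ttls) <= max_ttl and changes >= min_changes

def classify(obs, domain):
    """Return 'basic', 'ns', 'double' or 'none' for the observed domain."""
    host_flux = is_fluxing(obs, domain)
    nameservers = {rdata for _, name, rtype, rdata, _ in obs
                   if name == domain and rtype == "NS"}
    ns_flux = any(is_fluxing(obs, ns) for ns in nameservers)
    if host_flux and ns_flux:
        return "double"
    if host_flux:
        return "basic"
    return "ns" if ns_flux else "none"

def build_sample():
    """Constructed observations: (epoch_s, owner, rtype, rdata, ttl), documentation IP ranges."""
    obs = []
    cases = [("basic.example", True, False), ("nsflux.example", False, True),
             ("double.example", True, True), ("static.example", False, False)]
    for i, (dom, host_moves, ns_moves) in enumerate(cases):
        ns = "ns1." + dom
        for poll in range(4):  # four polls, five minutes apart
            ts = poll * 300
            h = poll if host_moves else 0
            n = poll if ns_moves else 0
            obs.append((ts, dom, "NS", ns, 3600))
            obs.append((ts, dom, "A", f"192.0.2.{10 * i + h + 1}", 120 if host_moves else 3600))
            obs.append((ts, ns, "A", f"198.51.100.{10 * i + n + 1}", 180 if ns_moves else 86400))
    return obs

if __name__ == "__main__":
    sample = build_sample()
    for d in ("basic.example", "nsflux.example", "double.example", "static.example"):
        print(d, classify(sample, d))
```

Rotating answers under short TTLs also occur with legitimate load balancing, so a result other than `none` is a triage signal rather than a verdict.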
What is fast flux used for?
While fast flux methods do have a legitimate use as a load balancing technique for high-availability, high-volume Web sites, their malicious use lets botnet operators conceal the Command and Control server behind compromised machines (‘zombies’) that are used for DDoS, spam, phishing and malware delivery.
What is Fast Flux Botnet Data Service?
Fast Flux Botnet Data Service is a data repository that Milcord has built using state-of-the-art technology that detects and classifies fast flux botnets using both active and passive DNS monitoring. In addition, our approach can differentiate and classify all three fast flux variants, including name server flux and double flux.
What does Fast Flux Botnet Data Service provide?
Fast Flux Botnet Data Service provides newly discovered domains, domain IPs, nameserver domains and nameserver domain IPs used in fast flux service networks for malicious activities such as spam campaigns, phishing attacks and malware delivery. The data repository is available as a standalone database or through a Web service API.
What are the applications of Fast Flux Botnet Data Service?
Our data service can be used by ISPs to find the infected consumer machines on their networks, by university System Administrators to find infected student machines, by financial service companies to determine the client machines under the control of botnet operators, by CERTs to check outbound traffic record archives against the data feed to analyze suspicious traffic patterns, by government agency and large enterprise Network Administrators to check outbound traffic against the data feed to prevent infection of enterprise computing resources.
How to evaluate or purchase the data service?
- Email sales@milcord.com for evaluation access
- Fast Flux Botnet Data Service is available as an annual subscription. Please call (617) 698-0440 for pricing.

