Definition

domain fluxing

Contributor(s): Crystal Bedell

Domain fluxing is a technique for keeping a malicious botnet in operation by constantly changing the domain name of the botnet owner's Command and Control (C&C) server.

If something is "in flux," it means it is constantly changing. In this case, the bots are using a domain-generation algorithm (DGA) to produce tens of thousands of random domain names, one of which will actually be registered by the botnet operator. Each bot then sends out DNS queries to the random domains until one of them actually resolves to the address of the C&C server.  

Domain fluxing can make it difficult for security researchers and administrators to block instructions from a C&C server and shut a botnet down. Domain fluxing was popularized by Conficker and is also used by Kraken and a rootkit called Torpig.

See also: fast-flux DNS

This was last updated in November 2013

Continue Reading About domain fluxing

Dig Deeper on Hacker Tools and Techniques: Underground Sites and Hacking Groups

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close