domain fluxing

Domain fluxing is a technique botnet operators use to keep a botnet in operation by constantly changing the domain name of the botnet owner's command-and-control (C&C) server. This helps the C&C infrastructure avoid detection by security technologies and by researchers attempting to shut the botnet down.

If something is "in flux," it means it is constantly changing. In this case, the bots are using a domain-generation algorithm (DGA) to produce tens of thousands of random domain names, one of which will actually be registered by the botnet operator. Each bot then sends out DNS queries to the random domains until one of them actually resolves to the address of the C&C server.  

Domain fluxing can make it difficult for security researchers and administrators to block instructions from a C&C server and shut a botnet down. Domain fluxing was popularized by Conficker and is also used by Kraken and a rootkit called Torpig.
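The lookup pattern described above (many queries to random-looking names that fail, then one that resolves) is also what defenders can look for in resolver logs. The following is an added example, not part of the original definition; the log tuple format, the thresholds, the function names and every domain and IP address in it are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: (client IP, queried name, response code).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR"),
    ("10.0.0.5", "intranet.example.net", "NXDOMAIN"),     # ordinary typo
    ("10.0.0.5", "cdn7f3a9k2x1.example.net", "NOERROR"),  # random-looking but benign
    ("10.0.0.23", "qxkzjvwplfhd.example", "NXDOMAIN"),
    ("10.0.0.23", "bnmtrwqzxkpl.example", "NXDOMAIN"),
    ("10.0.0.23", "hgfdsjklzxcv.example", "NXDOMAIN"),
    ("10.0.0.23", "pwoeirutyqlk.example", "NXDOMAIN"),
    ("10.0.0.23", "zmxncbvlaksj.example", "NXDOMAIN"),
    ("10.0.0.23", "tyrueiwoqpal.example", "NOERROR"),     # the one registered name
]


def label_entropy(name):
    """Shannon entropy, in bits per character, of the leftmost DNS label."""
    label = name.split(".")[0].lower()
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def find_fluxing_clients(log, min_failures=5, min_entropy=3.0):
    """Return clients that failed on many random-looking names, with the
    random-looking names that resolved for them afterwards."""
    failed = defaultdict(set)     # client -> random-looking names answered NXDOMAIN
    resolved = defaultdict(list)  # client -> random-looking names resolved after that
    for client, name, rcode in log:
        if label_entropy(name) < min_entropy:
            continue  # dictionary-like label, not DGA-shaped
        if rcode == "NXDOMAIN":
            failed[client].add(name)
        elif rcode == "NOERROR" and len(failed[client]) >= min_failures:
            resolved[client].append(name)
    return {
        client: {"failed": sorted(names), "candidate_cc": resolved[client]}
        for client, names in failed.items()
        if len(names) >= min_failures
    }


if __name__ == "__main__":
    for client, hit in find_fluxing_clients(SAMPLE_LOG).items():
        print(client, len(hit["failed"]), "failed lookups; resolved:", hit["candidate_cc"])
```

The name that finally resolves for a flagged client is the candidate to block or sinkhole. A DGA that builds names from dictionary words would not trip the entropy filter, so the per-client failure count is the stronger of the two signals.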

See also: fast-flux DNS

This was first published in November 2013
