ICANN Security and Stability Advisory Committee (SSAC) has released a report [PDF] describing the technical aspects of fast flux hosting and fast flux service networks. From the report:

“Fast flux” is an evasion technique that cyber-criminals and Internet miscreants use to evade identification and to frustrate law enforcement and anticrime efforts aimed at locating and shutting down web sites used for illegal purposes. Fast flux hosting is an application of technology that supports a wide variety of cyber-crime activities (fraud, identity theft, online scams) and is considered one of the most serious threats to online activities today.

Basic fast flux hosting uses rapid modification of IP addresses associated with a system that hosts a malicious activity to evade detection and take down efforts. This technique is also used to rapidly modify the IP addresses of the name servers that resolve the domain names of the fluxed malicious hosts (this variant is sometimes called NS fast flux). A particularly troublesome variant of fast flux hosting, “double flux”, fluxes addresses of both name servers and malicious (web server) hosts.

Read Full Story (External Source)