A technique that attackers use to make it difficult for investigators to identify the devices that the attackers use to conduct a cyberattack.
With fast flux, attackers take advantage of the time-to-live (TTL) value associated with Domain Name System resource records. First, the attackers host proxy websites at multiple Internet Protocol (IP) addresses. Then, they use short TTL values in the zone data for their domain name, so they can quickly change its IP address. The continuously changing IP address effectively thwarts investigative efforts to locate the attacker's malicious content.
Attackers also use the fast-flux technique to quickly change the IP addresses of their criminal name servers. When attackers apply fast flux to their fraudulent websites and their criminal name servers in tandem, the technique is called double flux.