A technique that attackers use to make it difficult for investigators to identify the devices that the attackers use to conduct a cyberattack.
With fast flux, attackers take advantage of the time-to-live (TTL) value associated with Domain Name System resource records. First, the attackers host proxy websites at multiple Internet Protocol (IP) addresses. Then, they use short TTL values in the zone data for their domain name, so they can quickly change its IP address. The continuously changing IP address effectively thwarts investigative efforts to locate the attacker's malicious content.
Attackers also use the fast-flux technique to quickly change the IP addresses of their criminal name servers. When attackers apply fast flux to their fraudulent websites and their criminal name servers in tandem, the technique is called double flux.
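The definition above translates into a simple triage heuristic over passive-DNS data: many distinct addresses served with short TTLs for a name, and the same pattern on its name servers for double flux. The following is an added example, not part of the original glossary; the thresholds, labels, record layout, and all names and addresses (example domains, documentation IP ranges) are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed observations: (epoch_seconds, name, rtype, rdata, ttl)."""
    obs = []
    for i in range(8):   # site address changes every two minutes, TTL 60
        obs.append((i * 120, "shop.flux.example", "A", f"198.51.100.{10 + i}", 60))
    obs.append((0, "shop.flux.example", "NS", "ns1.flux.example", 3600))
    for i in range(6):   # its name server's address rotates as well
        obs.append((i * 120, "ns1.flux.example", "A", f"203.0.113.{20 + i}", 60))
    for i in range(6):   # site rotates, but the name server below is stable
        obs.append((i * 120, "mail.single.example", "A", f"198.51.100.{100 + i}", 120))
    obs.append((0, "mail.single.example", "NS", "ns.stable.example", 86400))
    obs.append((0, "ns.stable.example", "A", "192.0.2.53", 86400))
    for ts in (0, 600):  # ordinary site: one address, long TTL
        obs.append((ts, "www.stable.example", "A", "192.0.2.10", 86400))
    obs.append((0, "www.stable.example", "NS", "ns.stable.example", 86400))
    return obs

def index(observations):
    """Group observations into name -> {(ip, ttl)} and name -> {ns host}."""
    a_records, ns_records = defaultdict(set), defaultdict(set)
    for _ts, name, rtype, rdata, ttl in observations:
        if rtype == "A":
            a_records[name].add((rdata, ttl))
        elif rtype == "NS":
            ns_records[name].add(rdata)
    return a_records, ns_records

def is_fluxing(a_set, max_ttl, min_ips):
    """True when enough distinct addresses were served with a short TTL."""
    short_lived = {ip for ip, ttl in a_set if ttl <= max_ttl}
    return len(short_lived) >= min_ips

def classify(observations, domain, max_ttl=300, min_ips=5):
    """Label a name 'stable', 'fast-flux' or 'double-flux'.

    Observations are assumed to cover a single review window. Both
    thresholds are assumptions and need tuning against local traffic.
    """
    a_records, ns_records = index(observations)
    if not is_fluxing(a_records[domain], max_ttl, min_ips):
        return "stable"
    # Double flux: the name servers' own addresses rotate too.
    if any(is_fluxing(a_records[host], max_ttl, min_ips) for host in ns_records[domain]):
        return "double-flux"
    return "fast-flux"

if __name__ == "__main__":
    for name in ("shop.flux.example", "mail.single.example", "www.stable.example"):
        print(name, classify(build_sample(), name))
```

Content delivery networks and round-robin load balancing also combine short TTLs with many addresses, so a match is a lead for investigation rather than a verdict.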
Formal Resolution Process
Forum of Incident Response and Security Teams (FIRST)
An international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs. FIRST enables incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams.