New phishing technique: Fast Flux
[Search Security] Thinking fast-flux: New bait for advanced phishing tactics. It consists of using compromised machines to act as reverse proxies for the web pages and the name servers of the spoofed domain.
In the DNS zone configuration, the name of the attacked site points to a number of IP addresses with a very short TTL (usually less than five minutes), applying the round-robin technique. The proxy service keeps the destination address, where the dedicated servers are located, completely hidden.
Since the summer of 2007, there has been an explosion of large-scale fast-flux botnets. With this technique, bad guys can leverage thousands of disposable drone machines as intermediaries, rapidly swapping among different systems, confounding investigators who try to trace back a constantly fluctuating set of targets.
(…)
Instead, the DNS server associated with www.fakebank.com uses a technique called round-robin DNS. Round-robin DNS allows numerous IP addresses, often five or more, in a response to a single DNS query for a single name. Round robin DNS isn't evil; it was created for load balancing across multiple servers. Fast-fluxers, however, can abuse round-robin DNS, sending responses for www.fakebank.com and mapping the site to several IP addresses, which we'll call a.b.c.d, e.f.g.h, i.j.k.l, and so on.
If users then click on the www.fakebank.com link, their browser will try to connect to a Web server at one of these IP addresses. The machines at those addresses, however, are actually bot-infected victim machines, and they are running a transparent Web proxy. When a Web request is received, each Web proxy running on a victim machine sends the Web request to the EvilServer at w.x.y.z.
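The pattern described above (several A records per answer, a TTL under five minutes, and an address set that keeps changing) can be checked for in collected DNS responses. The following Python is an added example, not code from the original post or the quoted article; the function name, the thresholds and the sample responses are assumptions constructed for illustration.

```python
from collections import defaultdict

TTL_LIMIT = 300     # seconds; the post cites TTLs usually under five minutes
MIN_RECORDS = 5     # the quoted article says "often five or more" addresses
MIN_TURNOVER = 0.5  # assumed threshold: share of IPs missing from some response

def flux_report(observations):
    """observations: (name, ttl_seconds, [ip, ...]) tuples, one per DNS response."""
    by_name = defaultdict(list)
    for name, ttl, ips in observations:
        by_name[name.lower().rstrip(".")].append((ttl, set(ips)))
    report = {}
    for name, answers in by_name.items():
        ip_sets = [ips for _, ips in answers]
        seen = set.union(*ip_sets)
        if not seen:
            continue  # no address records to evaluate
        stable = set.intersection(*ip_sets)  # IPs present in every response
        signals = {
            "short_ttl": max(ttl for ttl, _ in answers) < TTL_LIMIT,
            "many_records": sum(map(len, ip_sets)) / len(ip_sets) >= MIN_RECORDS,
            # Rotation can only be judged with at least two responses.
            "rotating": len(ip_sets) > 1
                        and 1 - len(stable) / len(seen) >= MIN_TURNOVER,
        }
        report[name] = {**signals, "distinct_ips": len(seen),
                        "suspect": all(signals.values())}
    return report

# Constructed sample responses (documentation address ranges, not real data).
STATIC = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.0.2.5"]
SAMPLE = [
    ("www.fakebank.com", 180, ["192.0.2.10", "198.51.100.7", "203.0.113.5",
                               "192.0.2.77", "198.51.100.200"]),
    ("www.fakebank.com", 120, ["203.0.113.91", "192.0.2.10", "198.51.100.33",
                               "203.0.113.14", "192.0.2.150"]),
    ("www.fakebank.com", 180, ["198.51.100.61", "203.0.113.222", "192.0.2.201",
                               "198.51.100.7", "203.0.113.8"]),
    ("www.example.org", 3600, STATIC),        # ordinary round robin, long TTL
    ("www.example.org", 3600, STATIC[::-1]),  # same set, rotated order
    ("lb.example.net", 60, STATIC),           # short TTL but a stable set
    ("lb.example.net", 60, STATIC[::-1]),
]

if __name__ == "__main__":
    for name, row in flux_report(SAMPLE).items():
        print(name, row)
```

Content delivery networks also answer with short TTLs and changing address sets, so a hit is a triage signal to combine with other evidence rather than a verdict.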

