On 7/1/19 4:32 PM, Sean Lynch wrote:
> I think fast flux came up in reference to a speculation I'd made regarding why the spammers were using their own nameservers rather than Namecheap's.

Ah.

> I don't think it's particularly off-base to refer to rapid registration of new domains as fast flux.

I can't agree to that.

Fast Flux is a technique used within a given domain name. Not something that is done across domain names.

Infoblox has a good article that refers to changing IPs behind a domain. This is decidedly not multiple domain names.

Link - What is a Fast Flux?
 - https://www.infoblox.com/glossary/fast-flux/

As for rapidly registering domains, I'm seeing an average of 106,608 new domains registered a day. So, even if a bad actor registers 1,000 new domains, that's only 1% of the overall daily registration.

> In fact, I'm pretty sure support for this, and slowness in taking down domains (though they do often take them down eventually at least), are why Namecheap is so popular.

That may very well be the case. But I think that "fast flux" is the wrong term for it.

> As I mentioned, filtering using fresh.fmb.la catches about 1/3 of the domains. Fortunately, since they're actually using their own servers and not a botnet, blocking their netblock catches the rest, though it's not my preference since it will cause collateral damage (even though registering with dnswl.org is an easy way around that), it's manual, and it only helps my 3 users. Incentivizing Namecheap to move faster on these would benefit a lot more people.

ACK



--
Grant. . . .
unix || die
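
An added example, not part of the original message: the distinction discussed in this thread, address rotation behind one name (fast flux) versus many freshly registered domains served from one fixed netblock, written as detection logic over constructed passive-DNS observations. The record layout, thresholds and sample names are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample data: (domain, A record, TTL in seconds, domain age in days).
OBSERVATIONS = [
    ("flux.example", "192.0.2.10", 60, 400),
    ("flux.example", "198.51.100.7", 60, 400),
    ("flux.example", "203.0.113.99", 60, 400),
    ("flux.example", "192.0.2.200", 60, 400),
    ("promo-a.example", "203.0.113.5", 3600, 1),
    ("promo-b.example", "203.0.113.6", 3600, 0),
    ("promo-c.example", "203.0.113.7", 3600, 2),
    ("www.example.org", "198.51.100.80", 3600, 2500),
]

def netblock(ip, prefix=24):
    """Return the enclosing network of an address, e.g. '203.0.113.0/24'."""
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def fast_flux_domains(obs, min_ips=4, min_nets=3, max_ttl=300):
    """One name whose A records span many IPs in several networks, all with short TTLs.
    Thresholds are assumed values, not taken from the thread."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for domain, ip, ttl, _age in obs:
        ips[domain].add(ip)
        ttls[domain].append(ttl)
    return sorted(
        d for d in ips
        if len(ips[d]) >= min_ips
        and len({netblock(ip) for ip in ips[d]}) >= min_nets
        and max(ttls[d]) <= max_ttl
    )

def churn_netblocks(obs, max_age_days=7, min_domains=3):
    """Netblocks hosting several distinct, recently registered domains.
    Thresholds are assumed values, not taken from the thread."""
    fresh = defaultdict(set)
    for domain, ip, _ttl, age in obs:
        if age <= max_age_days:
            fresh[netblock(ip)].add(domain)
    return {net: sorted(d) for net, d in fresh.items() if len(d) >= min_domains}

if __name__ == "__main__":
    print("fast flux:", fast_flux_domains(OBSERVATIONS))
    print("fresh-domain churn:", churn_netblocks(OBSERVATIONS))
```
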
