Fast flux web hosting is a serious and mounting problem that can affect name services in all TLDs. SSAC encourages ICANN, registries and registrars to consider the practices mentioned in this Advisory, to establish best practices to mitigate fast flux hosting, and to consider whether such practices should be addressed in future agreements. SSAC offers the following findings for consideration by the community:
1) Fast flux web site hosting enables a highly sophisticated attack-launching infrastructure that increasingly exploits domain name resolution and registration services to abet illegal and objectionable activities.
2) Current methods to thwart fast flux hosting by detecting and dismantling botnets are not effective.
3) Double flux further thwarts detection and hampers measures to shut down fast flux web sites.
4) Frequent modifications to name server (NS) records by a domain name registrant and short TTLs in name server A records in TLD zone files are signatures that can be monitored to identify potential abuses of name services.
5) Measures that prevent automated changes to DNS information and that set longer minimum TTLs for name server A records in TLD zone files appear to be effective but are not uniformly practiced.
6) Additional measures have been suggested to combat fast flux hosting and merit further study.
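
The two signatures named in finding 4, applied to periodic snapshots of a TLD zone, as an added example that is not part of the SSAC advisory. The snapshot data is constructed, and the thresholds and the name flag_domains are assumptions, since the advisory gives no numeric values.

```python
from collections import defaultdict

# Constructed sample data, one tuple per zone snapshot:
# (day, domain, name servers, {name server: TTL of its A record in seconds})
SNAPSHOTS = [
    (1, "stable.example", ["ns1.stable.example"], {"ns1.stable.example": 86400}),
    (2, "stable.example", ["ns1.stable.example"], {"ns1.stable.example": 86400}),
    (3, "stable.example", ["ns2.stable.example"], {"ns2.stable.example": 86400}),
    (1, "flux.example", ["ns-a.flux.example"], {"ns-a.flux.example": 180}),
    (2, "flux.example", ["ns-b.flux.example"], {"ns-b.flux.example": 180}),
    (3, "flux.example", ["ns-c.flux.example"], {"ns-c.flux.example": 120}),
    (4, "flux.example", ["ns-d.flux.example"], {"ns-d.flux.example": 180}),
    (1, "lowttl.example", ["ns1.lowttl.example"], {"ns1.lowttl.example": 300}),
    (2, "lowttl.example", ["ns1.lowttl.example"], {"ns1.lowttl.example": 300}),
]

# Assumed thresholds for illustration; tune them against a real zone's baseline.
MAX_NS_CHANGES = 2      # NS-set changes tolerated within the observation window
MIN_NS_A_TTL = 3600     # shortest acceptable TTL for a name server A record


def flag_domains(snapshots, max_ns_changes=MAX_NS_CHANGES, min_ttl=MIN_NS_A_TTL):
    """Return {domain: details} for domains matching either signature."""
    history = defaultdict(list)
    for _day, domain, ns_names, ttls in sorted(snapshots, key=lambda s: s[0]):
        history[domain].append((frozenset(ns_names), ttls))

    findings = {}
    for domain, obs in history.items():
        # Signature 1: how often the NS set differs between consecutive snapshots.
        changes = sum(1 for prev, cur in zip(obs, obs[1:]) if prev[0] != cur[0])
        # Signature 2: lowest TTL seen on any name server A record (None if no data).
        lowest = min((t for _ns, ttls in obs for t in ttls.values()), default=None)
        reasons = []
        if changes > max_ns_changes:
            reasons.append("frequent_ns_changes")
        if lowest is not None and lowest < min_ttl:
            reasons.append("short_ns_a_ttl")
        if reasons:
            findings[domain] = {"ns_changes": changes, "min_ttl": lowest,
                                "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, detail in flag_domains(SNAPSHOTS).items():
        print(name, detail)
```

A single ordinary name server migration (stable.example) is not flagged; a domain matching only one signature is reported with that reason alone so an analyst can weigh it.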
