| ID | Name |
|---|---|
| ATAGS-T1185.001 | Fast Flux DNS |
| ATAGS-T1185.002 | Domain Generation Algorithms |
| ATAGS-T1185.003 | DNS Calculation |

Threat Actors may use Fast Flux DNS to hide a command and control channel behind an array of rapidly changing IP addresses linked to a single domain resolution. This technique uses a fully qualified domain name with multiple IP addresses assigned to it, which are swapped at high frequency using a combination of round-robin IP addressing and a short Time-To-Live (TTL) on the DNS resource record.

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
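
Since preventive controls are limited, the two traits described above (many addresses for one name, short TTLs) can be looked for in DNS answer logs. The following is an added example, not part of the original page: the record layout, the thresholds, the function names and the sample data are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample of DNS answers: (epoch_seconds, qname, answer_ip, ttl).
# Names are made up; addresses are from documentation ranges.
SAMPLE_LOG = (
    [(t * 900, "static.example.net", "192.0.2.10", 3600) for t in range(4)]
    + [(t * 120, "flux.example.org", ip, 120) for t, ip in enumerate([
        "198.51.100.7", "203.0.113.45", "192.0.2.200", "198.51.100.93",
        "203.0.113.8", "192.0.2.77", "198.51.100.150", "203.0.113.201"])]
)

def network_of(ip):
    """Group an address by its /24 (IPv4) or /48 (IPv6) network."""
    plen = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def find_fast_flux(records, window=3600, max_ttl=300, min_ips=5, min_nets=3):
    """Return {qname: stats} for names rotating many addresses under short TTLs."""
    by_name = defaultdict(list)
    for ts, qname, ip, ttl in records:
        by_name[qname.lower().rstrip(".")].append((ts, ip, ttl))

    flagged = {}
    for qname, rows in by_name.items():
        rows.sort()
        best = None
        for i, (start, _, _) in enumerate(rows):
            # All answers seen within `window` seconds of this one.
            span = [r for r in rows[i:] if r[0] - start < window]
            ips = {ip for _, ip, _ in span}
            if best is None or len(ips) > len(best["ips"]):
                best = {"ips": ips, "nets": {network_of(ip) for ip in ips},
                        "median_ttl": median(ttl for _, _, ttl in span)}
        # Flag only when short TTLs coincide with wide address churn.
        if (best["median_ttl"] <= max_ttl and len(best["ips"]) >= min_ips
                and len(best["nets"]) >= min_nets):
            flagged[qname] = {"distinct_ips": len(best["ips"]),
                              "distinct_networks": len(best["nets"]),
                              "median_ttl": best["median_ttl"]}
    return flagged

if __name__ == "__main__":
    for name, stats in find_fast_flux(SAMPLE_LOG).items():
        print(name, stats)
```

Content delivery networks also answer with short TTLs and many addresses, so a heuristic like this needs an allowlist of known providers and tuning of the thresholds before its hits are treated as alerts.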