Infosecurity Adviser warns on fast-flux DNS link dangers

London, 16th March 2009: Infosecurity Adviser, the online community for the information security industry, created by the organisers of Infosecurity Europe, has generated a discussion on one of the latest threats to the integrity of the Internet, fast-flux DNS linking.

In a discussion posting, Andrew Yeomans, an ISAF and Infosecurity Europe Advisory Board member, cross-references security guru Bruce Schneier's blog on a Wikileaks article on how child porn is being distributed on the Internet.

"These include the use of fast-flux DNS links to proxy servers used to anonymise connections to the hosting servers which have hidden encrypted partitions," says Yeomans.

According to Yeomans, from a technical perspective, the process is quite ingenious, since the servers used to distribute the illegal images are effectively sealed from external access, except by IP calls from specific IP addresses and using specific protocols.

Using this approach means that the chances of detection by legal agencies - including those set up to prosecute child pornography offences - are vanishingly small.

Perhaps worse, even if a `member' of an illegal ring accesses the data, they do so in an anonymous fashion – in both directions – which means that the member is unaware of the IP mechanisms being used, let alone the addresses and protocols being used, to download the images.

There is, however, one method by which this awful trade in illegal pictures can be blocked and, says Yeomans, he personally supports the blocking by major Internet service providers - at the DNS level – of host names used by illegal and criminal organisations.

This would also, Yeomans notes, include those host names used by botnets and phishers.
"I believe this would allow a much more rapid response than the current take-down system and would significantly reduce the risk to the UK public," he said.

Infosecurity Europe, running for its 14th year in 2009, is Europe’s number one Information Security event. Featuring over 300 exhibitors, the most diverse range of new products and services, an unrivalled education programme and visitors from every segment of the industry, it is the most important date in the calendar for Information Security professionals across Europe. Organised by Reed Exhibitions, the world’s largest tradeshow organiser, Infosecurity Europe is one of five Infosecurity events around the world with events also running in Belgium, Netherlands, Russia, and France. Infosecurity Europe runs from the 28th – 30th April 2009, in its new venue Earls Court, London. For further information please visit

Neil Stinchcombe, Infosecurity PR