It’s “a defensive gap in many networks,” the report says.
The agencies recommend that all stakeholders, both government and providers, collaborate on developing and implementing scalable solutions to close this gap.
However, the report admits, differentiating fast flux from legitimate activity “remains an ongoing challenge.” For example, some common content delivery network (CDN) behaviors may look like malicious fast flux activity. To avoid blocking or impeding legitimate content, Protective DNS (PDNS) services, service providers, and network defenders should make “reasonable efforts,” such as allowlisting expected CDN services, the report says.
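The sketch below is an added example, not code from the report: it shows how a CDN can trip a simple fast-flux heuristic over DNS answers and how an allowlist of expected CDN zones suppresses that false positive. The thresholds, zone names, and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune them against your own resolver logs.
MIN_IPS, MIN_ASNS, MAX_TTL = 5, 3, 300

# Hypothetical allowlist of CDN zones this network expects to see.
CDN_ALLOWLIST = {"cdn.example.net"}

def is_allowlisted(name, allowlist=CDN_ALLOWLIST):
    """Match on label boundaries so 'badcdn.example.net' cannot
    ride on the 'cdn.example.net' entry via a naive suffix check."""
    name = name.rstrip(".").lower()
    return any(name == zone or name.endswith("." + zone) for zone in allowlist)

def classify(observations):
    """observations: iterable of (qname, ip, ttl, asn) A-record answers."""
    ips, asns, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for qname, ip, ttl, asn in observations:
        q = qname.rstrip(".").lower()
        ips[q].add(ip)
        asns[q].add(asn)
        ttls[q].append(ttl)
    verdicts = {}
    for q in ips:
        # Heuristic: many addresses, spread over several networks, all short-lived.
        flux_like = (len(ips[q]) >= MIN_IPS and len(asns[q]) >= MIN_ASNS
                     and max(ttls[q]) <= MAX_TTL)
        if not flux_like:
            verdicts[q] = "ok"
        elif is_allowlisted(q):
            verdicts[q] = "allowlisted-cdn"
        else:
            verdicts[q] = "suspect-fast-flux"
    return verdicts

def sample_observations():
    """Constructed records using documentation-only IP and ASN ranges."""
    obs = []
    for i in range(6):
        obs.append(("img.cdn.example.net", f"192.0.2.{i + 1}", 60, 64500 + i % 3))
        obs.append(("login.badcdn.example.net", f"198.51.100.{i + 1}", 60, 64505 + i))
    obs.append(("www.example.org", "203.0.113.10", 3600, 64511))
    return obs

if __name__ == "__main__":
    for name, verdict in sorted(classify(sample_observations()).items()):
        print(f"{verdict:18} {name}")
```

Allowlisted names are still recorded with their own verdict rather than dropped, so a change in the allowlist can be reviewed against what it suppressed.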