ARP Spoofing À̶õ
MAC Address º¯°æ °ø°ÝÀÚÀÇ ÄÄÇ»ÅÍ·Î ¸ð´ÏÅ͸µ ÇÒ ¼ö ÀÖ´Â °ø°Ý¹ý.
Á¤º¸½Àµæ ÀÌ¿Ü¿¡µµ ½Ã½ºÅÛÀå¾Ö¸¦ ÀÏÀ¸Å°´Â °Íµµ °¡´ÉÇÏ´Ù.
°¨¿°°æ·Î(ÃÖÃÊ°¨¿°)
À¥ºê¶ó¿ìÀú(º¯Á¶µÈ ÆäÀÌÁö°¡ »ðÀÔµÈ È¨ÆäÀÌÁö)Á¢¼Ó ¹× USB¸Þ¸ð¸® µîÀ» ÅëÇÑ °¨¿°
D´ëÇб³ÀÇ »ç·¡
[°¨¿°¿øÀÎ]
D´ëÇб³ÀÇ °æ¿ì Adobe FlashÀÇ Ãë¾àÁ¡À» ÀÌ¿ëÇÑ °¨¿°ÀǽÉ
[Áõ»ó]
MAC Address º¯°æ °ø°Ý¿¡ ÀÇÇÑ ³×Æ®¿öÅ© Àå¾Ö
[¹ÙÀÌ·¯½º ¹× °¨¿°ÆÄÀÏ È®ÀÎ]
Arp –a¸¦ ÅëÇÑ spoofing È®ÀÎ
([½ÃÀÛ]-[½ÇÇà]-[cmd]-[arp -a])
Process ExplorerÀ» ÅëÇÑ ÀǽÉÆÄÀÏ ½ÇÇà ¹× ÀǽÉdll ÆÄÀÏÀÇ ÀÎÀè¼Ç ¿©ºÎÈ®ÀÎ
(nvsvc.exe, anszxc10.dll, anszxc20.dll, anhzxc.exe, smx4pnp.dll µî)
[¹ÙÀÌ·¯½º Ä¡·á]
ÇØ´ç ¹ÙÀÌ·¯½º ÆÄÀÏÀÇ Ä¡·á ¹× ·¹Áö½ºÆ®¸® Ä¡·á
(ÆÄÀÏ
C:\Documents and Settings\Administrator\Microsoft ¾ÈÀÇ smx4pnp.dll ¹× smx4pnp.log »èÁ¦
C:\WINDOWS\system32 ¾ÈÀÇ anhzxc.exe, anszxc10.dll, anszxc20.dll, nvsvc.exe »èÁ¦
·¹Áö½ºÆ®¸®
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run¾ÈÀÇ
nvsvc.exe, anhzxc.exe, smx4pnp.dll¿¬°á°í¸® »èÁ¦)
[¹é½Å ó¸® ³»¿ª]
±ÝÀÏ ÀÔ¼öÇÑ ¹ÙÀÌ·¯½º DB ¾÷·Îµå ¹× ¹é½Å ÇÁ·Î±×·¥ ½ÇÇàÀ¸·Î ¹ÙÀÌ·¯½º Ä¡·á È®ÀÎ
[Ä¡·á ÈÄ È®ÀÎ]
Arp –a ¸í·É¾î¸¦ ÅëÇÑ PCÁ¤»ó ÀÛµ¿È®ÀÎ
¿¹¹æ¹ý
MSº¸¾ÈÆÐÄ¡ ÃֽŠ¹öÀü À¯Áö ¹× Adobe Flash ÆÐÄ¡ ÃֽŠ¹öÀü À¯Áö
Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (MS10-018) http://www.microsoft.com/korea/technet/security/bulletin/ms10-018.mspx
Aurora Ãë¾àÁ¡ (MS10-002) http://www.microsoft.com/korea/technet/security/Bulletin/ms10-002.mspx
Adobe Flash Player 10.1 RC 7¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®
http://labs.adobe.com/downloads/flashplayer10.html
|