3월 4일 DDoS 공격여부 확인 방법
1. 보호나라를 통한 감염여부 체크
KISA에서는 이번 DDoS감염여부를 체크하는 백신을 제공하고 있습니다.
아래 링크를 통해 감염여부를 확인하세요
정부 등 주요기관 홈페이지 DDoS 공격 치료용 전용백신
2. 파일을 통한 강제 리다이렉트 여부 확인
자신의 PC의 C:\Windows\System32\drivers\etc\hosts 파일을 보시면
정상적인것은
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
이렇게 구성이 되나
금번에 발생하고 있는 DDoS 에 감염된 PC는 아래와 같이 변조 됩니다.
아래와 같이 변조되어 있다면.. 해당 내역을 삭제 하시고 백신을 업데이트 검사 하세요.
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost127.0.0.1 explicitupdate.alyac.co.kr
127.0.0.1 gms.ahnlab.com
127.0.0.1 ko-kr.albn.altools.com
127.0.0.1 ko-kr.alupdatealyac.altools.com
127.0.0.1 su.ahnlab.com
127.0.0.1 su3.ahnlab.com
127.0.0.1 update.ahnlab.com
127.0.0.1 ahnlab.nefficient.co.kr
::1 localhost