摘要 |
A pharming attack detection, a complementary system and a method thereof using an IP address list are provided to block the corresponding server connection by detecting pharming attack by comparing a destination IP address in an HTTP packet. An extracting unit extracts a destination IP(Internet Protocol) and host information in HTTP(Hypertext Transfer Protocol) packet received from a user PC(10). The IP address is requested as a DNS(Domain Name Server)(30) by using the host information. The IP address list received to the response about request is compared with the extracted destination IP address. In case the destination IP address is not in the IP address list, it determines as the situation infected with the pharming attack and blocks the web connection of the user personal computer or detection. |