DNS cache poisoning attack


HealingStargate
June 22nd, 2011, 02:08 PM
I am getting a huge amount of DNS cache poisoning attack notices. I must get over 20 a day.
Any suggestions or thoughts?
Is it something to be concerned about?
KOR-

stratoc
June 22nd, 2011, 06:52 PM
You will probably find it's from your router's address. It was a bug for me for the first 3 releases of v4. If you are not getting lag or disconnects it's not important, and if your router firewall protects against these attacks you can turn it off in settings to stop the never-ending pop-ups. They fixed it in v4 so it shouldn't take too long to sort, hopefully.
I now get about 8 each time I exit a game in v5; it was the same with the first releases of v4.

HealingStargate
June 22nd, 2011, 08:55 PM
Thanks for your reply.
I do not use a router, I have a direct connection. The notices are in the 'firewall log'.
I don't notice any lag, nor do I have any disconnects. The attacks, or so-called attacks, seem to be most prevalent when I call up my email in Outlook.

KOR-

ashishsingh1508
June 22nd, 2011, 11:12 PM
My personal suggestion is to use Outpost Firewall Pro 7.5 without antispyware, together with NOD32.

stratoc
June 23rd, 2011, 05:03 AM
-{ Quote: "My personal suggestion is to use Outpost Firewall Pro 7.5 without antispyware, together with NOD32." }-
The point of a beta forum is to sort out problems with the beta software.

Marcos
June 23rd, 2011, 06:30 AM
-{ Quote: "I am getting a huge amount of DNS cache poisoning attack notices. I must get over 20 a day." }-
Please do the following:
- enable logging of blocked connections in the IDS setup
- clear the firewall log
- start capturing the network communication using Wireshark (without any filter)
- reproduce the problem
- stop the capturing
- save the firewall log to a text file or xml
- compress the fw log along with the Wireshark log to an archive

When done, upload it somewhere (FTP server, Dropbox, file sharing service, etc.) and PM me the link to the archive.

VidKo
June 24th, 2011, 03:10 AM
I have the same problem, although I am behind the router and I'm getting it from the router's IP 192.168.1.1 and port 53. Using Smart Security 5.0.84.0 RC1

Marcos
June 24th, 2011, 04:56 AM
-{ Quote: "I have the same problem, although I am behind the router and I'm getting it from the router's IP 192.168.1.1 and port 53. Using Smart Security 5.0.84.0 RC1" }-
Please see my response above. If you would like me to confirm or deny that the attack detection is correct, create and supply me with the necessary logs mentioned above.

stratoc
June 24th, 2011, 05:49 AM
It looks to me to be exactly the same issue I used to have with v4. Support told me they were aware of it and, as my router already detected DNS poisoning, I should turn it off.
What I cannot understand is: is it not the same firewall module as v4? I only get these attacks (and a lot of them) with v5, nothing with v4.

Marcos
June 24th, 2011, 08:17 AM
-{ Quote: "It looks to me to be exactly the same issue I used to have with v4. Support told me they were aware of it and, as my router already detected DNS poisoning, I should turn it off.
What I cannot understand is: is it not the same firewall module as v4? I only get these attacks (and a lot of them) with v5, nothing with v4." }-
The firewall module is the same for v3/4/5. Not sure if this is one of the things that started working 100% properly in v5, but it could be the case, and thus you can see certain attacks that might not have been reported earlier.
I've seen a DNS cache poisoning attack from 2 computers recently and checking a Wireshark log confirmed that it was not a FP. Of course, such attacks are not necessarily generated by malware.
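As an added example, not part of this thread and not ESET's own detection code: the check below is what one would run over the DNS packets of a Wireshark capture like the one requested above, to judge for oneself whether a "DNS cache poisoning" notice is justified. A response is expected only when it answers a query that is still outstanding and comes from the host that query was sent to; a matching answer from the configured resolver (the router's IP or the ISP's resolver on port 53) is legitimate, while an answer nobody asked for, or one from a different host, is what a host IDS reports. The packet records and their field layout are constructed for illustration and stand in for Wireshark's export; they are not from any real capture.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed packet record; its fields stand in for what a Wireshark DNS
# export provides (an assumed layout, not Wireshark's own format).
@dataclass(frozen=True)
class DnsPacket:
    ts: float          # capture time in seconds
    src: str           # source IP
    sport: int         # source UDP port
    dst: str           # destination IP
    dport: int         # destination UDP port
    txid: int          # DNS transaction ID
    qname: str         # question name
    is_response: bool  # True for a DNS response, False for a query

LEGITIMATE = "legitimate"


def classify_dns(packets: List[DnsPacket]) -> List[Tuple[DnsPacket, str]]:
    """Pair each response with an outstanding query from the same client.

    A response is legitimate only if (client IP, client port, transaction ID,
    question) match a query seen earlier AND it comes from the host that query
    was sent to. Anything else is what a host IDS would report as a possible
    DNS cache poisoning attempt.
    """
    outstanding: Dict[Tuple[str, int, int, str], DnsPacket] = {}
    verdicts: List[Tuple[DnsPacket, str]] = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if not p.is_response:
            outstanding[(p.src, p.sport, p.txid, p.qname.lower())] = p
            continue
        key = (p.dst, p.dport, p.txid, p.qname.lower())
        query = outstanding.get(key)
        if query is None:
            verdicts.append((p, "unsolicited or duplicate response: no outstanding query"))
        elif p.src != query.dst:
            # Leave the query outstanding: the real answer may still be on its way.
            verdicts.append((p, f"response from {p.src} but query was sent to {query.dst}"))
        else:
            del outstanding[key]
            verdicts.append((p, LEGITIMATE))
    return verdicts


def summarize(verdicts: List[Tuple[DnsPacket, str]]) -> Dict[str, int]:
    """Count legitimate versus suspicious responses."""
    counts = {LEGITIMATE: 0, "suspicious": 0}
    for _, verdict in verdicts:
        counts[LEGITIMATE if verdict == LEGITIMATE else "suspicious"] += 1
    return counts


def sample_capture() -> List[DnsPacket]:
    """Constructed packets, not from any real capture."""
    client, resolver, stranger = "192.168.1.10", "192.168.1.1", "203.0.113.7"
    return [
        # 1. Mail client resolves its server through the configured resolver;
        #    the matching answer from the resolver is legitimate.
        DnsPacket(0.000, client, 51000, resolver, 53, 0x1A2B, "imap.example.net", False),
        DnsPacket(0.012, resolver, 53, client, 51000, 0x1A2B, "imap.example.net", True),
        # 2. Second query; an answer arrives from a host the query was never
        #    sent to, then the real answer from the resolver.
        DnsPacket(1.000, client, 51001, resolver, 53, 0x3C4D, "smtp.example.net", False),
        DnsPacket(1.005, stranger, 53, client, 51001, 0x3C4D, "smtp.example.net", True),
        DnsPacket(1.020, resolver, 53, client, 51001, 0x3C4D, "smtp.example.net", True),
        # 3. A response with no query behind it at all.
        DnsPacket(2.000, resolver, 53, client, 51002, 0x5E6F, "www.example.net", True),
    ]


if __name__ == "__main__":
    results = classify_dns(sample_capture())
    for pkt, verdict in results:
        print(f"{pkt.ts:6.3f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"txid=0x{pkt.txid:04X} {pkt.qname}: {verdict}")
    print(summarize(results))
```

On the constructed capture the two answers from the resolver are classified as legitimate, so a notice raised on them would be a false positive, while the answer from the stranger and the answer nobody queried for are the cases that deserve the alert. In a real export the matching must also compare the question section, not just the transaction ID, which is why the question name is part of the key.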

stratoc
June 24th, 2011, 08:52 AM
I get them when exiting online games. I get one when closing World of Warcraft and about 10 when I exit Rift; clean install a month ago. This is exactly what I used to get in the first few versions of v4; a firewall update fixed it, I think (it was when it went to 4.2, if that helps). I cannot replicate it with any other activity, only when I close these games. My router firewall e-mails me when it logs an attack and all its logs are clear; it's a Netgear 480, aka Virgin Super Hub.

HealingStargate
June 24th, 2011, 11:18 AM
I have traced my DNS cache poisoning firewall notices. They come ONLY when I call up Outlook for my emails, and they originate from my Internet provider.
I looked up the location of the IP and see it is a 'Charter provider IP', and wonder why it comes through as a poisoning attack notice.
Nothing to be concerned about, I would guess.
KOR-

ashishsingh1508
June 25th, 2011, 11:44 PM
Actually, with my Outpost Firewall Pro 7.5, most of the attacks blocked are from my ISP or other ISPs in my country. I don't know why they do it, but they really do it... Probably to trace your activity, or maybe something else.

NoobStick
June 29th, 2011, 10:52 AM
Hello,
I was reading my daily email, and during that session ESET popped up with a notification saying: DNS cache poisoning attack. The IP address is coming from my internet vendor, which I have had for many years and is definitely trusted. I have not received this notification before, not even with ESS 4. I have received this message two times while being on the net today.
I am using RC 5.0.84.0, database 6250, Windows 7 64-bit Service Pack 1, Intel i5, 8 GB DDR3 RAM. Everything is on default mode on this machine. No other security software is running in this environment.

Take Care ;)

NoobStick

HealingStargate
June 30th, 2011, 04:13 PM
I have been getting DNS cache poisoning attack notices and, as I have said before in this thread, I have found them to come from my Internet provider, and they seem to only happen when I call up my emails through Outlook.
I unclicked the box for notifying of DNS cache poisoning and will wait till there is a fix in another version of ESET 5.

KOR-