dns cache poisoning attack

hi, i have found some previous threads on this but they prove inconclusive. are these reports in firewall log a bug? i recently upgraded to ess from nod v2.7 and comodo (with d+) i thought it would be a less nagging option using less resources, however comodo never reported any problems, im getting about 30 'dns poisoning attack warnings a day (in log) all from same address.
should i ignore these or atke some action? thanks.

 

sorry, also have defender, spyware blaster (could this be culprit?) on vista 32 bit

 

Hi!

I can't tell you if these alerts are real or not . However , if you have no noticable problems , you can believe ESS is doing its job and is protecting you from attacks.

 

I'm running into this too -- our DNS servers are being flagged in the reports. It's weird.

I've also found that there was an issue with some Sun machines on our network that were doing some naughty things with ARP as I was getting ARP Cache Poisoning Attack messages in the log too. The Sun boxes are clean/freshly installed and updated, but weird nonetheless. I ended up putting them on their own VLAN....

 

Ditto.

Just upgraded this weekend from NOD32 v2 to the new Smart Security BE v3.0.566 on a dozen machines. One machine in the set is filling the firewall log on the console with DNA and ARP cache poisoning events from our internal AD/DNS servers. There are about a dozen events in the log every few minutes from that one machine.

Furthermore, that machine is reporting an inability to acess external sites.

Interestingly, it's the only Win2000 system in the set. All others are XP, and a couple of Vista boxes. Could just be conincidence.

Any ideas why that poor box is misled into thinking its own DNS servers are malicious?

 

Hasn't ESS gone to 3.0.650 by now

 

Yes it has.

 

my version is 3.0.650.0

 

I'm running two separate comms:

WinXPpro: OpenDNS, ESS v650, DSL
Win2Kpro: OpenDNS, ESS v650, Dialup

Both log DNS cache poisoning attacks. The DSL floods log with 90% of these. The dialup is much less. This has been going on for a long time over many revisions. I know I can turn off logging in IDS, but there this should only be a temporary fix.

 

Yes, but I already had the installer for 566. I thought that the clients would update themselves, but that's another issue I am having. They are stuck at 566.

However, my version does not seem to be the problem as others are having the same issue with the newer version.

 

dns poisoning part2

hi i am getting loads of these reports they are all from 192.168.1.254:53 is this my router? it's puzzling me. i use vista behind bt home hub router (default block all inbound)
ess firewall is set interactive with allow sharing ticked in zone.
any clues on what this is, i have a feeling i may be set up wrong.
many thanks.

 

Re: dns poisoning part2

found this with google https://www.wilderssecurity.com/archive/index.php/t-184672.html

 

i guess my thread's been moved and no one can help. i really dont remember v2 staying this buggy for so long.

 

ok, just updated conan and 15 of these message appeared, what exactly does detected dns poisoning cache mean? has it blocked it, some information what?
can i still use my new smart passwords to download nod av? which i upgraded to smart.
thanks.

 

closed. reverted to alternative av, i just cant trust smart at this time.

 

+1

 

+1
As described https://www.wilderssecurity.com/showthread.php?p=1239069#post1239069

When Windows 2000 becomes compatible with ESS would someone please post so I know it's worth trying ESS again

BTW
Fault is readily reproduced by having many tabs in firefox. That way when fire fox starts several DNS requests are issued. I suspect some are returned out of sequence, ESS DNS attack is triggers and from then on never reliably resynchronises with the real DNS

Or that is my theory.

 

in short, stick with what you're good at, v2 was a fantastic av. every security company that was market leader in their own field, seem to be shooting themselves in the foot. i dont really want antispyware and a firewall, but sp1 caused me problems with v2 and as it's no longer a work in progress i upgraded.
every av company seems to be moving into the same field of mediocre suites, give it a year and there wont be any difference in any of them!
please excuse my spelling

 

to sum up, having removed eset and replaced with a well known suite which uses 2 processes and18k of ram, the differences i notice are the ram is 10k less than than smart, the web is slightly, but noticeably quicker, online games have a much lower latency.
im posting this hoping it will help others with my problem, hoping it will get eset to look at this problem, i left the suite im with now for nod 2.7, i upgraded to smart due to problems with sp1 this program uses nearly twice the resources of the program i left for nod, i dont know wether this is because of my problem, nobody would tell me i found eset support to be quite patronising and unwilling to help, the only advice i got was to turn off elements, and if i have to do that, something is wrong.
i had problems uninstalling the program also.
i dont know wether all my problems were due to the firewall, maybe it's my system but something clearly needs a hell of a lot of work.
good bye all, it's been a pleasure dealing with you all and thanks for all the help over the last 2 years.
i have just got tired of trying!