Wilders Security Forums  

  #1  
Old May 8th, 2008, 03:11 PM
rodneys rodneys is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 3
Default DNS problems

Hi all,

I'm currently testing ESET Smart Security 3.0.650.0 on my Windows 2000 machine. I have experienced the following problem:
- loading web sites (with Firefox, for example) is very slow
- some web sites are not loaded at all (server not found)

Looking at the firewall log messages, the reason for this problem is quite obvious: the firewall is identifying the DNS responses from the DNS server as attacks (message "DNS Cache poisoning attack"). Of course, the DNS server is not attacking anybody (I tried it with different DNS servers). This certainly is a bug in the firewall.

I "solved" this problem on my machine by deactivating the Web protection component.

Some days ago, another user reported the same problem in this forum, and a similar problem was already reported in April. I strongly recommend ESET to take this problem seriously. This is an absolute show stopper. Any "normal" user (i.e., not familiar with network technology) would discard Smart Security from his/her machine without thinking twice.
  #2  
Old May 8th, 2008, 03:16 PM
knacki99 knacki99 is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 11
Default Re: DNS problems

I noticed this too; Vista x64 SP1 English:


Last edited by knacki99 : May 8th, 2008 at 11:50 PM.
  #3  
Old May 8th, 2008, 06:31 PM
sherryxp2000 sherryxp2000 is offline
Regular Poster
 
Join Date: Nov 2007
Posts: 92
Default Same problem also

I looked at my firewall log, same problem on my machine also.

Happened with both SP2 and SP3 on my XP Machines.
  #4  
Old May 9th, 2008, 12:29 PM
knacki99 knacki99 is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 11
Default Re: DNS problems

bump thread up.
  #5  
Old May 9th, 2008, 03:21 PM
rodneys rodneys is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 3
Default Re: DNS problems

> bump thread up.

Thanks. I wonder why ESET is not reacting to the problem. I found another posting about the same problem from October, 2007.
Are only a couple of users affected by it? I hope so for ESET. I wonder how many potential customers have been put off by this issue. I mean, would you buy a security software that (apparently) breaks/slows down your web browser? (how many users would look at the firewall log messages?)

Nevertheless, turning off the DNS poisoning attack detection in the firewall settings helps.
  #6  
Old May 9th, 2008, 09:43 PM
patch patch is offline
Regular Poster
 
Join Date: May 2007
Posts: 176
Default Re: DNS problems

> Originally Posted by rodneys
> Hi all,
>
> I'm currently testing ESET Smart Security 3.0.650.0 on my Windows 2000 machine.
> ...
> the firewall is identifying the DNS responses from the DNS server as attacks (message "DNS Cache poisoning attack"). Of course, the DNS server is not attacking anybody (I tried it with different DNS servers). This certainly is a bug in the firewall.
>
> I "solved" this problem on my machine by deactivating the Web protection component.

Same here with Windows 2000 as reported http://www.wilderssecurity.com/showthread.php?t=208072

Disabling the "DNS poison attack detection" helps but I then get some no rule errors and intermittent browsing problems

Occurs only on Windows 2000 professional (fully updated) & not XP
  #7  
Old May 9th, 2008, 10:00 PM
Dark Shadow Dark Shadow is offline
Massive Poster
 
Join Date: Oct 2007
Location: USA
Posts: 4,551
Default Re: DNS problems

You're not alone, Vista problem too, firewall needs attention.
__________________
OS X 10.8.4 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
http://www.flickr.com/photos/darkshadow1911/
  #8  
Old May 10th, 2008, 05:33 AM
kFyros kFyros is offline
Infrequent Poster
 
Join Date: May 2008
Location: Athens, Greece
Posts: 4
Default Re: DNS problems

I see the same log records in my office
(ESET Smart Security Business Edition on three computers with Vista-XP-Win 2003).
It does not affect performance.

I noticed that these attacks happen in some periods of the day.

I don't think this is a firewall problem, but actual attacks from robots or computers that mask as DNS servers. But I can't be sure.

I created a rule and allowed dns communication ONLY with my domain DNS SERVER (local intranet) and my ISP's DNS Servers
(In Out -
UDP & TCP -
Local Port 53 -
Remote Port ANY
- Trusted Zone and ISP's DNS Servers)


Shouldn't ESET technicians reply to these forums? Or is it just for fun?
  #9  
Old May 10th, 2008, 09:53 AM
rodneys rodneys is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 3
Default Re: DNS problems

> Originally Posted by kFyros
> I see the same log records in my office
> It does not affect performance.
> ...
> I don't think this is a firewall problem, but actual attacks from robots or computers that mask as DNS servers. But I can't be sure.

I think something different is happening in your network than in mine. Perhaps there are really attacks in your network.
1. On my machine it affects the performance of the Web browser, simply because the firewall blocks the DNS responses -> browser cannot resolve the host name -> error
2. I'm quite sure that it's not an attack. I tried it out with the DNS server of my router and with OpenDNS. Always the same result. The source of the alleged "attack" is always the configured DNS server.
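
The check rodneys describes above (is the flagged source always the configured DNS server?) can be run over an exported firewall log. This is an added example, not part of any post in this thread and not ESET tooling; the line layout is taken from the log lines posted in the thread, the resolver set is an assumption, and the 198.51.100.7 line is constructed.

```python
import re
from collections import Counter

# Layout of the firewall log lines posted in this thread:
# <date> <time> <AM|PM> <event text> <src ip:port> <dst ip:port> <protocol>
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M) (?P<event>.+?) "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+) "
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+) "
    r"(?P<proto>\w+)$"
)

LABELS = ("configured-resolver", "unexpected-source", "not-dns-response")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def triage(lines, resolvers):
    """Group flagged packets by who sent them.

    configured-resolver: UDP from port 53 of a resolver this host is set to use
                         (the pattern rodneys reports for every alert).
    unexpected-source:   UDP from port 53 of any other address; these are the
                         entries that deserve a closer look.
    not-dns-response:    anything else (for example DHCP broadcasts).
    Returns (groups, unparsed_line_count).
    """
    groups = {label: Counter() for label in LABELS}
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["proto"] != "UDP" or rec["src_port"] != 53:
            label = "not-dns-response"
        elif rec["src_ip"] in resolvers:
            label = "configured-resolver"
        else:
            label = "unexpected-source"
        client = f'{rec["dst_ip"]}:{rec["dst_port"]}'
        groups[label][(rec["src_ip"], client, rec["event"])] += 1
    return groups, unparsed


# Assumption: the resolvers configured on the machines that produced the logs.
# 192.168.1.254 is named as the router in the thread; the 139.7.30.x addresses
# are the sources seen in the posted log.
ASSUMED_RESOLVERS = {"139.7.30.125", "139.7.30.126", "192.168.1.254"}

# First four lines are copied from posts in this thread; the last one is
# constructed (198.51.100.7 is a documentation address) to show the other branch.
SAMPLE_LOG = """\
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 139.7.30.126:53 77.25.251.241:56348 UDP
10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
10/05/2008 11:54:26 AM No usable rule found 192.168.1.18:68 255.255.255.255:67 UDP
5/8/2008 8:11:06 AM Detected DNS cache poisoning attack 198.51.100.7:53 77.25.251.241:56348 UDP
"""

if __name__ == "__main__":
    groups, unparsed = triage(SAMPLE_LOG.splitlines(), ASSUMED_RESOLVERS)
    for label in LABELS:
        print(label)
        for (src, client, event), count in groups[label].most_common():
            print(f"  {count:3d}x {src} -> {client}  [{event}]")
    print("unparsed lines:", unparsed)
```

If every alert lands in `configured-resolver`, the log matches what rodneys reports; entries in `unexpected-source` are the ones to investigate before turning the detection off.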
  #10  
Old May 10th, 2008, 08:36 PM
patch patch is offline
Regular Poster
 
Join Date: May 2007
Posts: 176
Default Re: DNS problems

Yep mine is trying to tell me my router is attacking my Windows 2000 machines
After I disable "DNS poison attack detection"

10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
10/05/2008 1:27:02 PM No usable rule found 192.168.1.254:53 192.168.1.2:2236 UDP
10/05/2008 1:27:01 PM No usable rule found 192.168.1.254:53 192.168.1.2:2237 UDP
10/05/2008 1:27:01 PM No usable rule found 192.168.1.254:53 192.168.1.2:2237 UDP
10/05/2008 11:54:26 AM No usable rule found 192.168.1.18:68 255.255.255.255:67 UDP
10/05/2008 11:54:21 AM No usable rule found 192.168.1.18:68 255.255.255.255:67 UDP
10/05/2008 11:30:08 AM No usable rule found 192.168.1.254:53 192.168.1.2:2058 UDP
10/05/2008 11:30:08 AM No usable rule found 192.168.1.254:53 192.168.1.2:1970 UDP

Where
192.168.1.2 = computer running Windows 2000 and ESS
192.168.1.254 = my router Billion 7402vgp
Port 53 = DNS Service is typically used to convert between URLs and IP Addresses

Solution for me
Uninstall ESET, reinstall NOD32
Clear cache etc. in Firefox
System works as it should

ESET really should fix this
  #11  
Old May 12th, 2008, 03:06 AM
knacki99 knacki99 is offline
Infrequent Poster
 
Join Date: May 2008
Posts: 11
Default Re: DNS problems

hello ESET?
  #12  
Old May 12th, 2008, 10:16 AM
kFyros kFyros is offline
Infrequent Poster
 
Join Date: May 2008
Location: Athens, Greece
Posts: 4
Default Re: DNS problems

NOD32 is a fine program, and it does just one job.
It scans for viruses.
It is probably the best antivirus at this time.

The ESET security suite is many things.
Antivirus
Firewall
Antispyware
Antispam

Some of them work fine but some don't.

I think the firewall needs work and is complicated enough even for a technician.
It should be enriched with a standard set of rules for various purposes, and the Allow - Deny prompt dialog should be more intelligent when creating a rule.
For example, in Windows Vista, when we use the searchfilterhost.exe (it's the executable that is processing every request with post in the Windows search bar),
the firewall is asking for verification of every request we make (it creates different similar rules every time).

Also, if we leave the firewall in automatic mode (and not interactive), we won't be able to work with our computer because we don't get any alerts...
  #13  
Old May 12th, 2008, 11:17 AM
alphadog alphadog is offline
Infrequent Poster
 
Join Date: Mar 2007
Posts: 35
Angry Re: DNS problems

> Originally Posted by rodneys
> I'm quite sure that it's not an attack. I tried it out with the DNS server of my router and with OpenDNS. Always the same result. The source of the alleged "attack" is always the configured DNS server.

The same is happening on my workplace network. Installed ESS v3.0.650 on a dozen systems and I get:

1. One system that has a ton of "DNS cache poisoning" attacks in the firewall log. It hits when going on outbound sites only; internal sites do not seem to trigger the same errors. It also eventually works, but otherwise gives the end-user a "not found" error.
2. Same system occasionally gives an "ARP cache poisoning attack", but nowhere near as often as the above.
3. Various systems give me "Reverse TCP desynchronization attack". Not sure what to do about that one too.

And, like you, ESET has been very unhelpful in this forum about this issue. (It may be that I need to contact them directly, but this forum is generally a good mix of helpful ESET and independent users and I like trying this first.)

There are multiple threads on this issue, and while ESET answers in other threads, these threads go unanswered. I take it as evidence that it is a problem they are incapable of solving right now.
  #14  
Old May 12th, 2008, 11:20 AM
GaryRW GaryRW is offline
Regular Poster
 
Join Date: May 2005
Location: OH, USA
Posts: 141
Default Re: DNS problems

These are from Vodafone, which is probably your ISP. On my DSL I get floods of these using OpenDNS, a dedicated DNS service. It's much worse now than on prior versions. I also get them on my dialup but less frequently.

For those behind a router, the router can also be the cause. Do a search on "DNS cache poisoning" on these forums and you will see the issue brought up since at least 11/2007 for ESS. Google the same phrase and you will get many references. Unless they are false positives, they were a serious exploit years ago and were supposedly understood and fixed at large.

Quote:
Originally Posted by knacki99
I noticed this too; Vista x64 SP1 English:

5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 139.7.30.126:53 77.25.251.241:56348 UDP
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack .....................
__________________
WinXPpro SP3, Win2Kpro SP4 Working Drone; Both online working 24/7
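A triage sketch for the firewall log lines quoted in this thread, added here as an example (it is not part of any post and not ESET's code): it counts "DNS cache poisoning" alerts by whether the sender is one of the resolvers the machine is configured to use, which is the check rodneys describes doing by eye. The field layout is assumed from the pasted lines, and the function name, sample log and addresses are constructed.

```python
import re
from collections import Counter

# Field layout assumed from the lines pasted in this thread:
# date, time, event text, source ip:port, target ip:port, protocol.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<event>.+?) "
    r"(?P<src_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<src_port>\d+) "
    r"(?P<dst_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<dst_port>\d+) "
    r"(?P<proto>\w+)$"
)

# Constructed sample (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.7:56348 UDP
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 192.0.2.54:53 198.51.100.7:56348 UDP
5/8/2008 8:11:01 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.7:56348 UDP
5/8/2008 8:12:40 AM Detected DNS cache poisoning attack 203.0.113.9:53 198.51.100.7:51002 UDP
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack .....................
"""


def triage(log_text, configured_resolvers):
    """Count DNS-poisoning alerts by whether the sender is a configured resolver."""
    resolvers = set(configured_resolvers)
    from_resolver, from_other, unparsed = Counter(), Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # truncated or unknown layout: keep for manual review
            continue
        if "DNS cache poisoning" not in m["event"]:
            continue
        # Replies from a configured resolver's port 53 are what ordinary lookups
        # produce. A spoofed reply would carry the same address, so this count
        # only ranks alerts for review; it does not clear them.
        if m["src_ip"] in resolvers and m["src_port"] == "53":
            from_resolver[m["src_ip"]] += 1
        else:
            from_other[m["src_ip"]] += 1
    return {
        "from_configured_resolver": dict(from_resolver),
        "from_other_source": dict(from_other),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, {"192.0.2.53", "192.0.2.54"}))
```

Alerts listed under `from_other_source` are the ones to look at first, since they did not come from an address the machine was asked to query.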
  #15  
Old May 17th, 2008, 07:26 PM
sherryxp2000 sherryxp2000 is offline
Regular Poster
 
Join Date: Nov 2007
Posts: 92
Default Any news, fix help for this lately?

Any news, fix help for this lately?
  #16  
Old July 29th, 2008, 07:46 PM
GaryRW GaryRW is offline
Regular Poster
 
Join Date: May 2005
Location: OH, USA
Posts: 141
Default Re: DNS problems

This describes the DNS Cache Poisoning Vulnerability. Select "Test My DNS" on the page to test your DNS resolver.

https://www.dns-oarc.net/oarc/services/dnsentropy

FYI: I use OpenDNS on DSL and Dialup Analog and get floods of DNS Cache Poisoning logs even though OpenDNS receives the highest rating "GREAT". I downgraded to NOD32 v3 and changed to Comodo FW and I no longer get any DNS cache poisoning logs.
__________________
WinXPpro SP3, Win2Kpro SP4 Working Drone; Both online working 24/7
  #17  
Old July 29th, 2008, 09:18 PM
eTuner eTuner is offline
Infrequent Poster
 
Join Date: Jul 2008
Posts: 9
Default Re: DNS problems

I have this, also, but I never knew what the DNS poisoning attacks were for.

Doing speed tests with and without the firewall, I have come to the conclusion that ESET Smart Security is the culprit for my recent slowdowns. Any way to fix this without disrupting normal behavior would be appreciated.
  #18  
Old September 5th, 2008, 07:40 AM
clyde123 clyde123 is offline
Regular Poster
 
Join Date: Apr 2008
Location: Glasgow
Posts: 69
Default Re: DNS problems

Has there been any update on this issue?
I have a user with similar problems to original poster.
  #19  
Old September 23rd, 2008, 06:36 AM
Yorky35 Yorky35 is offline
Infrequent Poster
 
Join Date: Jan 2006
Posts: 13
Default Re: DNS problems

I'm having this problem as well.

No answer from Eset, so bumping the thread up. As this is an official support forum, can we please have some Eset input on this?
  #20  
Old September 23rd, 2008, 08:30 AM
p5ym0n p5ym0n is offline
Infrequent Poster
 
Join Date: Sep 2008
Posts: 3
Default Re: DNS problems

Getting the same problem.
Bought a new NIC thinking it was that.
Disabling the NOD32 firewall seems to work, but I shouldn't have to do this.
This actually started 4-5 weeks ago, but I thought it was just my ISP. Has got increasingly worse though - DNS lookups fail, web sites really slow, connection interrupted errors.
I'm using Vista 64 Home Premium. ESET Smart Security 3.0.650.0.

Hope this gets fixed quick.
Have just read there's an update: v3.0.672 ( http://www.wilderssecurity.com/showthread.php?t=218459 ) - going to try that.
  #21  
Old September 23rd, 2008, 11:37 AM
MysticG MysticG is offline
Infrequent Poster
 
Join Date: Apr 2008
Posts: 19
Default Re: DNS problems

I have the same exact problem. I tried so many things to troubleshoot it. Now I don't even pay any mind to it. I'm just COMPLETELY surprised Eset hasn't responded to the issue. There should've been a fix by now.
  #22  
Old September 23rd, 2008, 12:08 PM
p5ym0n p5ym0n is offline
Infrequent Poster
 
Join Date: Sep 2008
Posts: 3
Default Re: DNS problems

Yup.
Well 3.0.672 seems to be better. Although it's hard to tell as this problem can be so random.
Web sites can still take a while to respond.

Ah, haha, whilst typing this an FTP session timed out on dns error, so 3.0.672 hasn't cured it anyway.
  #23  
Old October 24th, 2008, 01:41 PM
newbie2247 newbie2247 is offline
Regular Poster
 
Join Date: Jan 2008
Posts: 196
Question Re: DNS problems

3.0.672 is no better, I should know. I am using it right now and am getting totally bombarded with "detected ARP cache poisoning" in red ink as well as zillions of "no usable rule found" in blue ink.

I have no idea at all what either means nor do I know what to do about it. I'm nervous as all get out. I don't want a crash or any vulnerabilities either. Big conundrum here since I am no techie.

1) How concerned should I be?

2) What can or should I (safely) do to stop all this?

Any and all help muchly appreciated.

Signed,

"Very Scared" Newbie2247
  #24  
Old October 24th, 2008, 04:35 PM
COSMO26 COSMO26 is offline
Frequent Poster
 
Join Date: Oct 2003
Posts: 401
Default Re: DNS problems

Several posts about this issue suggest disabling the logging of the so-called DNS intrusions. In the Advanced Setup tree/Personal Firewall/IDS & Advanced Options/Intrusion Detections... uncheck the DNS Poisoning Attack option.

You can open an issue with Eset Support to see what their latest response is but it is apparently a Bug still not resolved.
  #25  
Old October 24th, 2008, 05:16 PM
newbie2247 newbie2247 is offline
Regular Poster
 
Join Date: Jan 2008
Posts: 196
Unhappy Re: DNS problems

Thank you.


I tried unchecking that box and it still kept happening. So I went back, put the check back in that box and unchecked ARP cache poisoning (which is the real problem anyway) and it does not show up in red anymore. But that doesn't mean the problem has gone away, right? Just the reporting of these attacks is not being shown anymore.

Am I still in trouble is what I need to know? Should I do more?
 

All times are GMT -4. The time now is 09:15 AM.

