Detected DNS cache poisoning attack

[expert]

Hi All,

It has only been 2 days so far since I have installed Eset SS v5.0.84.0 rc and I have been seeing the "Detected DNS cache poisoning attack" on average about 10-20 times a day so far.

The IP shown is from my own router.
Is this a known issue or should I be concerned about a genuine attack?

Cheers.

[agoretsky]

Hello,

Perhaps your router is refreshing the cache it uses to store DNS information? I suspect it may be a false positive alarm, but if you contact ESET's technical support department directly, they should be able to investigate the issue further with you to confirm this.

Regards,

Aryeh Goretsky

[CloneRanger]

@ agoretsky

It would be Very helpful to people in future if you post the actual www link and/or email address for things such as ESET's technical support department etc. Not everybody would automatically know them, or how to get them !

Regards

[agoretsky]

Hello,

The URLs vary by country, but in North America, ESET contact information can be found at http://www.eset.com/us/about/contact/, or the company reached toll-free at +1 (866) 343-3738.

Regards,

Aryeh Goretsky

This small yet annoying problem is what caused me to cancel my renewal, simply because Eset don't know what it is. You also get a pop up with version 5.
When v4 was launched I would get a detected dns poisoning notification in the firewall log about every 30 minutes, I would also get one each time any online game was closed. I was on adsl then I am on cable now with a different router.
The first time I contacted support they said it was a known problem on some configurations and told me to disable it in settings, they would not tell me what it meant, after 3 times of contact I am sure they really have no idea.
All I wanted to know was what it actually meant, had it blocked something? was it information only? what did it mean, I never got an answer on here or from support.
It was fixed (for me) in version 4.2, and now it's back with pop ups.
If it has pop ups does it require intervention? Is it for information? Nobody told me 3 years ago I guess nobody will now.
I am hard wired by ethernet to a virgin media super hub now 100 meg fibre optic, I was hard wired to a bt home hub before. It is a fp, and only a small problem, it was supports complete lack of knowledge it displayed that made me lose confidence and not renew my license of 7 years, I can't live with a pop up each time my router refreshes when nobody can explain and don't see why I should turn features off when support cannot even tell me what it means!
Good luck.

[Marcos]

The erroneous "DNS cache poisoning attack" detections should be fixed in the next build of the firewall module (1072 probably). They used to occur when responses from a DNS server did not match queries.

Thanks for the reply, I will watch for the next firewall module.