Cache Poisoning Attack

Discussion in 'ESET Smart Security' started by Basalt, Oct 26, 2008.

Thread Status:
Not open for further replies.
  1. Basalt

    Basalt Registered Member

    Joined:
    Oct 26, 2008
    Posts:
    1
    Using ver 3.0.672.0 of the Eset SS.
    Vista Home Premium
    Linksys router with Cisco Firewall.

    Checking the log, I have the following messages.

    10/25/2008 6:18:16 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:51055 TCP
    10/25/2008 2:25:42 PM Incorrect IP packet checksum 0
    10/24/2008 6:19:39 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:49160 TCP
    10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:36 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:36 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:34 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:33 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:32 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/22/2008 7:44:36 PM Incorrect IP packet checksum 0
    10/21/2008 6:56:07 PM Incorrect IP packet checksum 0
    10/19/2008 3:55:12 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:445 192.168.1.100:49158 TCP


    I am assuming the software is performing as required, since it has logged the event. The Whois is within the Roadrunner system, which I am also on. What exactly is this, and should a log be forwarded to the ISP?

    Thank you.
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    1,000
    Location:
    Bismarck, ND USA
    Hello Basalt,

    Check the public IP address of the modem. This could be a false positive. Also, type in ipconfig /all and reply with the results.

    Thank you,

    Richard
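
The triage the reply asks for, as an added example that is not part of the thread or of ESET's software: it parses log lines in the format posted above and marks each DNS alert by whether its source is one of the machine's configured resolvers. The function names are hypothetical, and the resolver set is an assumption standing in for the "DNS Servers" entries that ipconfig /all prints.

```python
import ipaddress
import re
from collections import Counter

# A subset of the log lines from the first post.
SAMPLE_LOG = """\
10/25/2008 6:18:16 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:51055 TCP
10/25/2008 2:25:42 PM Incorrect IP packet checksum 0
10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
10/23/2008 6:18:36 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
"""

# ASSUMED for the demo: replace with the DNS servers from your own ipconfig /all.
ASSUMED_RESOLVERS = {"76.85.229.110", "76.85.229.111"}

# timestamp, event text, then an optional "src:port dst:port PROTO" tail.
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<event>.+?)"
    r"(?: (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r" (?P<proto>TCP|UDP))?$"
)

def triage(log_text, resolvers):
    """Count alerts per (event, source address, verdict)."""
    counts = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the posted format
        event, src = m["event"], m["src"]
        if src is None:
            verdict = "no peer logged"
        elif "DNS" in event:
            # UDP/53 replies from a configured resolver are what an ordinary
            # lookup produces; any other source deserves a closer look.
            known = src in resolvers and m["sport"] == "53" and m["proto"] == "UDP"
            verdict = "configured resolver" if known else "not a configured resolver"
        else:
            lan = ipaddress.ip_address(src).is_private
            verdict = "LAN peer" if lan else "internet peer"
        counts[(event, src, verdict)] += 1
    return counts

if __name__ == "__main__":
    for (event, src, verdict), n in sorted(triage(SAMPLE_LOG, ASSUMED_RESOLVERS).items(), key=str):
        print(f"{n:>3}  {event:<48} {src or '-':<16} {verdict}")
```

A "configured resolver" verdict is consistent with the false-positive possibility raised in the reply but does not prove it; a "not a configured resolver" verdict is the case worth raising with the ISP.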
     