False detection of DNS cache poisoning attack

Discussion in 'ESET Smart Security' started by kwg, Jan 1, 2008.

Thread Status:
Not open for further replies.
  1. kwg

    kwg Registered Member

    Joined:
    Jun 30, 2007
    Posts:
    127
    When I end a VPN session, the ESS firewall log reports an event such as the following:

    Event: DNS cache poisoning attack
    Source: 192.168.1.2:53 (my address on the local network)
    Target: 192.168.1.35:1192 (my address on the remote network)

    The target address and port may vary from session to session, depending on what the remote server has assigned.

    Two observations and questions:

    1. I have seen no adverse consequences from this event (apart from the misleading entry in the ESS log). It may have helped that the event does not occur until the VPN session terminates. Specifically, what action does ESS take as a consequence of this event?

    2. Of course, I don't want to modify ESS settings such that actual DNS cache poisoning attacks are ignored. How can I configure ESS so that this event is not recorded (and no action is taken by ESS) when it occurs as a consequence of a legitimate VPN connection?
     
    kwg, Jan 1, 2008
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...