False detection of DNS cache poisoning attack

Discussion in 'ESET Smart Security' started by kwg, Jan 1, 2008.

Thread Status:
Not open for further replies.
    kwg Registered Member

    Jun 30, 2007
    When I end a VPN session, the ESS firewall log reports an event such as the following:

    Event: DNS cache poisoning attack
    Source: (my address on the local network)
    Target: (my address on the remote network)

    The target address and port may vary from session to session, depending on what the remote server has assigned.

    Two observations and questions:

    1. I have seen no adverse consequences from this event (apart from the misleading entry in the ESS log). It may have helped that the event does not occur until the VPN session terminates. Specifically, what action does ESS take as a consequence of this event?

    2. Of course, I don't want to modify ESS settings such that actual DNS cache poisoning attacks are ignored. How can I configure ESS so that this event is not recorded (and no action is taken by ESS) when it occurs as a consequence of a legitimate VPN connection?