Cache Poisoning Attack

Discussion in 'ESET Smart Security' started by Basalt, Oct 26, 2008.

Thread Status:
Not open for further replies.
  1. Basalt

    Basalt, Registered Member. Joined: Oct 26, 2008. Posts: 1.

    Using ver 3.0.672.0 of the Eset SS.
    Vista Home Premium
    Linksys router with Cisco Firewall.

    Checking the log, I have the following messages.

    10/25/2008 6:18:16 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:51055 TCP
    10/25/2008 2:25:42 PM Incorrect IP packet checksum 0
    10/24/2008 6:19:39 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:49160 TCP
    10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:36 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:36 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:34 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:33 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
    10/23/2008 6:18:32 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
    10/22/2008 7:44:36 PM Incorrect IP packet checksum 0
    10/21/2008 6:56:07 PM Incorrect IP packet checksum 0
    10/19/2008 3:55:12 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:445 192.168.1.100:49158 TCP


    I am assuming the software is performing as required, since it has logged the event. The Whois is within the Roadrunner system, which I am also on. What exactly is this, and should a log be forwarded to the ISP?

    Thank you.
     
  2. Rmuffler

    Rmuffler, Former Eset Moderator. Joined: Jun 26, 2008. Posts: 995. Location: San Diego, CA USA.

    Hello Basalt,

    Check the public IP address of the modem. This could be a false positive. Also, type in ipconfig /all and reply with the results.

    Thank you,

    Richard
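
Added example, not part of the original thread and not ESET's code: a small Python parser for the firewall log format pasted in the first post. It groups the DNS cache poisoning alerts by source address and marks whether each source is one of the host's configured DNS servers; the resolver addresses passed in are an assumption standing in for the "DNS Servers" entry of `ipconfig /all`.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post of this thread (a subset).
SAMPLE_LOG = """\
10/25/2008 6:18:16 PM Detected Reverse TCP Desynchronization attack 192.168.1.101:139 192.168.1.100:51055 TCP
10/25/2008 2:25:42 PM Incorrect IP packet checksum 0
10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.111:53 192.168.1.100:55841 UDP
10/23/2008 6:18:40 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
10/23/2008 6:18:32 PM Detected DNS cache poisoning attack 76.85.229.110:53 192.168.1.100:55841 UDP
"""

# Timestamp, event text, then an optional "src:port dst:port PROTO" tail.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<event>.+?)"
    r"(?: (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>TCP|UDP))?$"
)

def parse(log):
    """Return one dict per recognised line; endpoint fields are None when absent."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(e)
    return events

def triage_dns(events, resolvers):
    """Summarise DNS cache poisoning alerts per source address."""
    groups = defaultdict(list)
    for e in events:
        if "DNS cache poisoning" in e["event"] and e["src"]:
            groups[e["src"]].append(e)
    report = {}
    for src, hits in groups.items():
        times = [h["ts"] for h in hits]
        report[src] = {
            "count": len(hits),
            "window_s": (max(times) - min(times)).total_seconds(),
            "client_ports": sorted({h["dport"] for h in hits}),
            "configured_resolver": src in resolvers,
        }
    return report

if __name__ == "__main__":
    # Assumption: this set is what `ipconfig /all` lists as DNS servers on the host.
    print(triage_dns(parse(SAMPLE_LOG), {"76.85.229.110", "76.85.229.111"}))
```

A source that matches a configured resolver does not by itself clear the alert, because UDP source addresses can be forged; it only narrows what to check next.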
     