Detected DNS cache poisioning attack

Discussion in 'ESET Smart Security' started by dabanf, Apr 11, 2009.

Thread Status:
Not open for further replies.
  1. dabanf

    dabanf Registered Member

    Joined:
    Sep 29, 2007
    Posts:
    2
    Hi have started using wifi on my laptop and lone behold getting some weird entries in my "personal firewall log".

    Basically have identified that the "source" of the DNS or ARP is coming from my ip address!!!!!!!!!!!!!!

    Is there a setting in Eset SS that i need to setup to prevent this.

    The attack is not being listed under "detected threats" but this morning i couldn't get online as my modem was kicking up a network error message stating "...DNSSpoofed&URL....."

    What's the best way to deal with this bearing in mind i will continue to use wifi.

    MTIA
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Please make sure you're updated to 4.0.417.0
     
  3. DarrenDavisLeeSome

    DarrenDavisLeeSome Registered Member

    Joined:
    Mar 23, 2009
    Posts:
    315
    Location:
    Riverside, CA U.S.A
    I've had the ARP/DNS Cache Poisoning Attacks detections ever since ESS 3.0.674 (?) that were coming from my router whenever I went to a secure log-on server primarily. Occasionally, I would get them from my ISP's DNS or from using their Chat Tech Support(https). Still getting these attacks with ESS 4.0.314~417.

    Have you been doing the whois check bit with the IP address(es) to find out where these attacks are coming from?

    Here's a link to check out those attack IP origins:
    http://tools.whois.net/whoisbyip/
     
Thread Status:
Not open for further replies.