DNS cache poisoning attack detected? Comcast i.p.

Discussion in 'ESET Smart Security' started by blackrosevain, Nov 13, 2012.

Thread Status:
Not open for further replies.
  1. blackrosevain

    blackrosevain Registered Member

    Joined:
    Nov 13, 2012
    Posts:
    2
    Location:
    USA
    Hi there, I know there are a couple posts regarding this issue the issue being:

    My ESS5 firewall is detecting threats of DNS cache poisoning attacks from i.p. 75.75.75.75

    I looked up the IP and it belongs to Comcast which makes sense because I use comcast as my internet provider. I read a thread that said it is most likely a bugge in the firewall and ESET is working to fix it and that it is being detected as a threat whenever Comcast is pinging to see if my computer is still on the network. Is this true or should I be worried about my computers security?

    Also, I have already downloaded and run the DNS flush tool found on ESET's site. I flushed the DNS both times that these "attacks" were detected.

    Should I just continue flushing the DNS as it happens and are these legitimate threats or something similar to what I described above?

    btw, i have only had my computer for about 2 weeks, Eset for maybe 10 days, and today was my second detection. if it helps any, I am on windows 7/64 i believe and i have ESS5.

    Thanks for your help!
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    This issue can arise for a number of reasons and that does include times when the connection is being pinged or if the router is sending data in a non-standard way. There's an ESET KB Article on this issue that might help:

    DNS Cache Poisoning Attack
     
  3. blackrosevain

    blackrosevain Registered Member

    Joined:
    Nov 13, 2012
    Posts:
    2
    Location:
    USA

    Thank you, I know about that article it is where I downloaded the DNS Flush tool that I mentioned having used each time the "attack" has happened.

    So I am assuming that because comcast ip is 75.75.75.75... 75 falls between 0 and 255 where the last "x"s are that I can add it to the safe IP address section of my ESS5? Would you recommend adding it to the directory, or leave it alone and continue flushing anytime this ip is detected as a threat?

    Thanks!
     
Thread Status:
Not open for further replies.