DNS Cache Poisoning being logged almost continuously

Discussion in 'ESET Smart Security' started by archie400, May 15, 2009.

Thread Status:
Not open for further replies.
  1. archie400

    archie400 Registered Member

    I've recently upgraded to 4.0.424.0 of ESS from the last V3 version and I seem to be getting (still) multiple and frequent "DNS Cache Poisoning" messages in the Firewall log.

    The log shows:

    16/05/2009 10:40:13 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP
    16/05/2009 10:40:12 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP
    16/05/2009 10:40:11 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP

    The concern is that 192.168.0.254 is actually my router talking to my PC!!!

    Is this a bug in the ESS firewall code or is this a real poisoning attack and, if so, what actions are recommended to figure out where it is coming from?

    There don't seem to be any errors logged in the router itself, so I'm puzzled as to the cause of the messages and problems.

    The only other info I can find is that this connection between 254:53 and 23:2255 seems to be under the "ekrn.exe" module.
     
    Last edited: May 15, 2009
  2. guest

    guest Guest

    The router is used as a kind of DNS proxy for your network... I don't know why ESET is detecting this, but I have seen the same problem with some routers....

    This is not dangerous, and since you are using your router for your DNS proxying, you can disable the DNS cache poisoning attack detection... there are no real risks

    Alex
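
Added example, not part of the original thread and not ESET code: a small triage script that parses firewall log lines in the format quoted in the first post and groups the alerts by flow, so you can see whether every alert comes from one on-network address on port 53 or from several sources. The `resolvers` parameter and the `summarize` name are assumptions for illustration; the resolver address is taken from the poster's statement that 192.168.0.254 is the router.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the first post (day/month/year timestamps).
SAMPLE_LOG = """\
16/05/2009 10:40:13 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP
16/05/2009 10:40:12 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP
16/05/2009 10:40:11 Detected DNS cache poisoning attack 192.168.0.254:53 192.168.0.23:2255 UDP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<event>.+?) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

def summarize(log_text, resolvers=()):
    """Group alerts by flow. resolvers: DNS servers this host is configured to use."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrelated line
        try:
            src = ipaddress.ip_address(m["src"])
            ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address, skip rather than guess
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S")
        key = (str(src), int(m["sport"]), m["dst"], int(m["dport"]), m["proto"])
        flows[key].append(ts)
    report = []
    for (src, sport, dst, dport, proto), times in flows.items():
        report.append({
            "source": f"{src}:{sport}", "target": f"{dst}:{dport}", "proto": proto,
            "count": len(times),
            "span_seconds": int((max(times) - min(times)).total_seconds()),
            "source_is_private": ipaddress.ip_address(src).is_private,
            "source_is_configured_resolver": src in resolvers,
            "from_dns_port": sport == 53,
        })
    return sorted(report, key=lambda r: r["count"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, resolvers={"192.168.0.254"}):
        print(row)
```

A flow whose source is not a configured resolver, or is not a private address, is the one to look at first in a packet capture.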
     