DNS Cache Poisoning | Originating From My ISP

Discussion in 'ESET Smart Security' started by Thy_Zombie, Feb 24, 2012.

Thread Status:
Not open for further replies.
  1. Thy_Zombie

    Thy_Zombie Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    5
    .
    Hey All

    I'm getting these Cache Poisoning Attack alerts, way too frequently! Like many others threads I have read in this forum, they are originating from my ISP. So I take it that these are false-positive alerts.

    I don't want to disable this function within ESET SS v5.0.95.0.

    What I want to know is:

    A) Is this a known bug specific to this version of ESET SS?
    B) Apart from diabling this function, is there a known workaround?
    C) Is there a Beta version/release that has fixed this issue?
    D) Is there any talk of a new stable release soon which addresses this?

    Looking forward to any replies. Thanx.


    - TZ!
    .
     

    Attached Files:

  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
  3. tijgert

    tijgert Registered Member

    Joined:
    Mar 11, 2012
    Posts:
    1
    Location:
    Amsterdam
    I am plagued by the same problem.

    My ISP has two DNS servers and both of the IP addresses give me that poisoning attack warning.
    The DNS-Flush tool seems at first to do its thing but after a manual reboot (it doesn't reboot automatically) the problem persists.
    A home made batch file with a similar procedure:

    @Echo on
    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0

    ..does reboot automatically at the end, but still doesn't fix it.

    I use the .95 version and can't find any infection after a scan...

    Is there a (good) reason why I wouldn't want to turn off this check? And how DO I turn it off??
     
Thread Status:
Not open for further replies.