DNS Problem on slow Computer with Windows 2000

Discussion in 'ESET Smart Security' started by samoht, Apr 13, 2008.

Thread Status:
Not open for further replies.
  1. samoht

    samoht Registered Member

    Joined:
    Apr 13, 2008
    Posts:
    4
    I'm using the newest ESET Smart Security version 3.0.650 on a very slow computer (laptop with 266 MHz Pentium) with the latest security updates and service packs, and everything worked fine.
    Until the April hotfixes were downloaded and installed; suddenly the address resolution (DNS) didn't work properly.
    That means that if I typed in an address like www.eset.com, at first it couldn't resolve the address and the browser complained www.eset.com not found. If I typed it several times, after the third or more times suddenly the www.eset could be displayed.
    The same happened with my email client. It couldn't resolve the DNS address of the email server.
    From what I read about the hotfixes, there is a DNS-related hotfix installed. What I suspect is that it is a timing-related issue, because on other computers it works.
    (Meaning faster computers).

    If I disable the protocol filtering (Web access protection), the DNS resolution works again.

    Any ideas what I could do without disabling the web protection?
    (I'm using Thunderbird 2 and Firefox 3.b5)

    Sincerely, samoht
     
  2. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    I run a Win2Kpro on one of my computers (700MHz, 512MB) and have had a lot of tcpip.sys and wanarp.sys crashes with ESS, until v650. My WinXPpro's have never had these issues. Also, there have never been these problems with EAV so it's the firewall that was the problem. So consider yourself lucky that you came aboard at v650. Actually, more specifically v1038 of firewall module fixed my problems. I still have ntoskrnl.exe crashes after many hours of working, but it may not be ESS's fault. However, it's rock solid without ESS.

    I have never had DNS problems with any version of ESS. There are timeout limits for DNS response and slow response is a known problem with some DNS services. Usually they are sporadic and related to heavy traffic times. I don't know who your DNS service is, probably your ISP, but you may try http://www.opendns.com/ which provides demonstrated performance and other advantages. If there is no improvement, then you know it's in your system.
     
  3. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    DNS access from Windows 2000 Pro has also stopped working reliably for me.

    Started getting lots of "DNS poison attack" messages in the log, with it identifying my Billion router as the source.
    Disabling "DNS poison attack detection" helps, but then I get a few "rule not found".

    Edit
    First noticed after I changed the IP address of one of the Windows 2000 machines by fixing it in the router
    (Billion 7402vgp configuration -> Lan -> DHCP server -> Fix Host -> )
    Reverting to an older version of the router configuration did not fix it though.

    Also, the same symptoms developed in a second Windows 2000 machine which I hadn't done anything to.

    Running 3.0.650.0 on all computers
     
    Last edited: Apr 14, 2008
  4. samoht

    samoht Registered Member

    Joined:
    Apr 13, 2008
    Posts:
    4
    I tried www.opendns.com and somewhat it seems to improve the situation. But it doesn't solve the situation. So I think it is definitely my Windows 2000 or machine.

    Then I tried to uninstall the DNS spoofing patch, but this didn't improve the situation either.

    http://support.microsoft.com/?kbid=945553


    Thanks for your tips

    samoht
     
  5. samoht

    samoht Registered Member

    Joined:
    Apr 13, 2008
    Posts:
    4
    Finally I found the log files, and they also say DNS cache poisoning attack.
    The first address is from my router and the second is my address in the network.

    11.04.2008 23:19:12 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1040 UDP

    If I switched to www.opendns.com, the DNS cache poisoning attack came from this DNS server?

    Although for me disabling DNS poisoning attack detection solved the problems, I do this with a bad feeling. (Is a worm trying to enter my machine?)


    Sincerely, samoht
     
    Last edited: Apr 15, 2008
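
An added triage example (not part of any post, and not ESET's detection logic): it parses alert lines in the format quoted in the post above, separates alerts whose source is a configured resolver on port 53 from alerts with any other source, and groups alerts by time. The `dd.mm.yyyy` date order, the resolver set passed in, the 30-second grouping gap and every sample line except the first are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample log: the first line is the one quoted in the thread,
# the rest are constructed for this example.
SAMPLE_LOG = """\
11.04.2008 23:19:12 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1040 UDP
11.04.2008 23:19:13 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1041 UDP
11.04.2008 23:19:15 Detected DNS cache poisoning attack 192.168.1.1:53 192.168.1.33:1040 UDP
11.04.2008 23:47:02 Detected DNS cache poisoning attack 203.0.113.9:53 192.168.1.33:1044 UDP
this line is not an alert
"""

# timestamp, fixed message, source ip:port, destination ip:port, protocol
LINE_RE = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Detected DNS cache poisoning attack "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (\w+)$"
)

def parse_alerts(text):
    """Return one dict per alert line; lines in any other shape are skipped."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        alerts.append({
            "time": datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S"),
            "src": m.group(2), "sport": int(m.group(3)),
            "dst": m.group(4), "dport": int(m.group(5)),
        })
    return alerts

def triage(alerts, resolvers, gap=timedelta(seconds=30)):
    """Count alerts per (source, label) and return the size of each time cluster."""
    by_source = Counter()
    clusters = []
    for a in sorted(alerts, key=lambda x: x["time"]):
        known = a["src"] in resolvers and a["sport"] == 53
        label = "configured resolver" if known else "unexpected source"
        by_source[(a["src"], label)] += 1
        if clusters and a["time"] - clusters[-1][-1]["time"] <= gap:
            clusters[-1].append(a)
        else:
            clusters.append([a])
    return by_source, [len(c) for c in clusters]
```

Pass the DNS servers the machine is actually configured to use as `resolvers`; alerts labelled "unexpected source" are the ones to follow up with a packet capture.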
  6. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    Yes, I get the DNS Poisoning Attacks from OpenDNS also. They occur in clusters and have thru all ESS versions. I was told by Eset many versions ago that they were probably false positives, but the issue probably should be revisited with v650. Especially since Eset has a specific option for it in their IDS parameters. On the other hand, OpenDNS is used by millions of users with billions of fulfilled requests and Eset is new to the firewall business.

    Perhaps we should ask other ESS users if they are getting these DNS Poisoning Attacks with their DNS services.
     
  8. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Hi, I'm not sure if we have the same problem, but I used to have the same DNS cache poisoning attacks and issues with DNS in the past. I sent a support ticket to Eset using ESS's own support and I was advised to send a log from Wireshark that recorded traffic when ESS detected the attacks.
    After a while, Eset support told me that the problem was my router and not my machine or ESS, and it turned out that they were right! I switched my router and now everything works fine.
    Another thing you should consider is that sometimes routers tend to get saturated by traffic-intensive applications, like P2P and stuff (I know because I've had this problem), resulting in poor DNS performance on slow machines because the router gets overloaded.
     
  9. samoht

    samoht Registered Member

    Joined:
    Apr 13, 2008
    Posts:
    4
    I didn't switch the router, but I switched the computer. Now I have a Core Duo 1.82 GHz notebook with Windows Vista and now everything works fine.

    Sincerely, samoht
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I just unchecked the DNS box. Everything else is checked though. ESS is running very smooth.:thumb:
     
  11. Tomoja

    Tomoja Registered Member

    Joined:
    Feb 8, 2008
    Posts:
    4
    I have the same problem too.
    I avoided this problem by stopping the "DNS Client" Windows service.
    Please try it, and please tell me the result.
     