DNS problems

Discussion in 'ESET Smart Security' started by rodneys, May 8, 2008.

  1. rodneys

    rodneys Registered Member

    Joined:
    May 8, 2008
    Posts:
    3
    Hi all,

    I'm currently testing ESET Smart Security 3.0.650.0 on my Windows 2000 machine. I have experienced the following problem:
    - loading web sites (with Firefox, for example) is very slow
    - some web sites are not loaded at all (server not found)

    Looking at the firewall log messages, the reason for this problem is quite obvious: the firewall is identifying the DNS responses from the DNS server as attacks (message "DNS Cache poisoning attack"). Of course, the DNS server is not attacking anybody (I tried it with different DNS servers). This certainly is a bug in the firewall.

    I "solved" this problem on my machine by deactivating the Web protection component.

    Some days ago, another user reported the same problem in this forum, and a similar problem was already reported in April. I strongly recommend that ESET take this problem seriously. This is an absolute show stopper. Any "normal" user (i.e., not familiar with network technology) would discard Smart Security from his/her machine without thinking twice.
     
  2. knacki99

    knacki99 Registered Member

    Joined:
    May 5, 2008
    Posts:
    11
    I noticed this too; Vista x64 SP1 English:

     
    Last edited: May 8, 2008
  3. sherryxp2000

    sherryxp2000 Registered Member

    Joined:
    Nov 14, 2007
    Posts:
    96
    Same problem also

    I looked at my firewall log, same problem on my machine also.

    Happened with both SP2 and SP3 on my XP Machines.
     
  4. knacki99

    knacki99 Registered Member

    Joined:
    May 5, 2008
    Posts:
    11
    bump thread up.
     
  5. rodneys

    rodneys Registered Member

    Joined:
    May 8, 2008
    Posts:
    3
    > bump thread up.

    Thanks. I wonder why ESET is not reacting to the problem. I found another posting about the same problem from October, 2007.
    Are only a couple of users affected by it? I hope so for ESET. I wonder how many potential customers have been put off by this issue. I mean, would you buy a security software that (apparently) breaks/slows down your web browser? (how many users would look at the firewall log messages?)

    Nevertheless, turning off the DNS poisoning attack detection in the firewall settings helps.
     
  6. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Same here with Windows 2000, as reported: https://www.wilderssecurity.com/showthread.php?t=208072

    Disabling the "DNS poison attack detection" helps, but I then get some no rule errors and intermittent browsing problems.

    Occurs only on Windows 2000 Professional (fully updated) & not XP.
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You're not alone, Vista problem too, firewall needs attention.
     
  8. kFyros

    kFyros Registered Member

    Joined:
    May 10, 2008
    Posts:
    4
    Location:
    Athens, Greece
    I see the same log records in my office
    (ESET Smart Security Business Edition on three computers with Vista, XP and Win 2003).
    It does not affect performance.

    I noticed that these attacks happen in some periods of the day.

    I don't think this is a firewall problem, but actual attacks from robots or computers that mask as DNS servers. But I can't be sure.

    I created a rule and allowed DNS communication ONLY with my domain DNS SERVER (local intranet) and my ISP's DNS Servers
    (In Out - UDP & TCP - Local Port 53 - Remote Port ANY - Trusted Zone and ISP's DNS Servers)


    Shouldn't ESET technicians reply on these forums? Or is it just for fun?
     
  9. rodneys

    rodneys Registered Member

    Joined:
    May 8, 2008
    Posts:
    3
    I think something different is happening in your network than in mine. Perhaps there are really attacks in your network.
    1. On my machine it affects the performance of the Web browser, simply because the firewall blocks the DNS responses -> browser cannot resolve the host name -> error
    2. I'm quite sure that it's not an attack. I tried it out with the DNS server of my router and with OpenDNS. Always the same result. The source of the alleged "attack" is always the configured DNS server.
     
  10. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Yep, mine is trying to tell me my router is attacking my Windows 2000 machines.
    After I disable "DNS poison attack detection":

    10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
    10/05/2008 2:26:54 PM No usable rule found 192.168.1.254:53 192.168.1.2:2319 UDP
    10/05/2008 1:27:02 PM No usable rule found 192.168.1.254:53 192.168.1.2:2236 UDP
    10/05/2008 1:27:01 PM No usable rule found 192.168.1.254:53 192.168.1.2:2237 UDP
    10/05/2008 1:27:01 PM No usable rule found 192.168.1.254:53 192.168.1.2:2237 UDP
    10/05/2008 11:54:26 AM No usable rule found 192.168.1.18:68 255.255.255.255:67 UDP
    10/05/2008 11:54:21 AM No usable rule found 192.168.1.18:68 255.255.255.255:67 UDP
    10/05/2008 11:30:08 AM No usable rule found 192.168.1.254:53 192.168.1.2:2058 UDP
    10/05/2008 11:30:08 AM No usable rule found 192.168.1.254:53 192.168.1.2:1970 UDP

    Where
    192.168.1.2 = computer running Windows 2000 and ESS
    192.168.1.254 = my router Billion 7402vgp
    Port 53 = DNS Service is typically used to convert between URLs and IP Addresses

    Solution for me
    Uninstall ESET, reinstall NOD32
    Clear cache etc. in firefox
    System works as it should

    ESET really should fix this
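
Added example, not part of any post in this thread and not ESET code: a small triage script for firewall log lines in the layout quoted above (timestamp, event text, source, destination, protocol). It groups "DNS cache poisoning" alerts by the client socket they were sent to and separates alerts whose only sources are the resolvers the host is configured to use from alerts that name any other source. The resolver list, the sample lines (documentation address ranges) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout assumed from the lines quoted in the thread:
#   <date> <time> <AM|PM> <event text> <src ip>:<port> <dst ip>:<port> <UDP|TCP>
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<event>.+?)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"(?P<proto>UDP|TCP)\s*$"
)

def parse_line(line, day_first=False):
    """Parse one log line into a dict, or return None if it does not match.

    day_first selects D/M/YYYY; both date orders appear in the thread.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    fmt = "%d/%m/%Y %I:%M:%S %p" if day_first else "%m/%d/%Y %I:%M:%S %p"
    return {
        "time": datetime.strptime(m["ts"], fmt),
        "event": m["event"],
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "proto": m["proto"],
    }

def triage(log_text, resolvers, day_first=False):
    """Group cache-poisoning alerts by client socket and label each group.

    'configured-resolver': every alert came from port 53 of a resolver the
    host is set to use. A spoofed reply would carry the same address, so this
    is not proof of a false positive; it marks groups where the detection
    itself is the first suspect.
    'investigate': at least one alert came from some other address or port.
    """
    flows = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line, day_first)
        if ev and "dns cache poisoning" in ev["event"].lower():
            flows[(ev["dst"], ev["dport"])].append(ev)

    report = []
    for (dst, dport), evs in flows.items():
        unexpected = sorted({e["src"] for e in evs
                             if e["src"] not in resolvers or e["sport"] != 53})
        times = [e["time"] for e in evs]
        report.append({
            "client": f"{dst}:{dport}",
            "events": len(evs),
            "span_s": int((max(times) - min(times)).total_seconds()),
            "unexpected_sources": unexpected,
            "verdict": "investigate" if unexpected else "configured-resolver",
        })
    return sorted(report, key=lambda r: r["client"])

# Constructed sample data: addresses are from documentation ranges.
RESOLVERS = {"192.0.2.53", "192.0.2.54"}
SAMPLE_LOG = """\
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.20:56348 UDP
5/8/2008 8:11:05 AM Detected DNS cache poisoning attack 192.0.2.54:53 198.51.100.20:56348 UDP
5/8/2008 8:11:01 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.20:56348 UDP
5/8/2008 8:10:57 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.20:56348 UDP
5/8/2008 7:43:09 AM Detected DNS cache poisoning attack 203.0.113.9:53 198.51.100.20:58205 UDP
5/8/2008 7:43:01 AM Detected DNS cache poisoning attack 192.0.2.53:53 198.51.100.20:58205 UDP
5/8/2008 7:40:00 AM No usable rule found 192.0.2.53:53 198.51.100.20:2319 UDP
garbage line
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, RESOLVERS):
        print(row)
```

Groups labelled `investigate` are the ones worth a packet capture first; for the rest, comparing the capture against the host's own outstanding queries shows whether the alert fired on an ordinary reply.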
     
  11. knacki99

    knacki99 Registered Member

    Joined:
    May 5, 2008
    Posts:
    11
    hello ESET?
     
  12. kFyros

    kFyros Registered Member

    Joined:
    May 10, 2008
    Posts:
    4
    Location:
    Athens, Greece
    NOD32 is a fine program, and it does just one job.
    It scans for viruses.
    It is probably the best antivirus at this time.

    The ESET security suite is many things.
    Antivirus
    Firewall
    Antispyware
    Antispam

    Some of them work fine but some don't.

    I think the firewall needs work and is complicated enough even for a technician.
    It should be enriched with a standard set of rules for various purposes, and the Allow - Deny prompt dialog should be more intelligent when creating a rule.
    For example, in Windows Vista, when we use the searchfilterhost.exe (it's the executable that is processing every request with post in the Windows searchbar),
    the firewall is asking for verification of every request we make (it creates different similar rules every time).

    Also, if we leave the firewall in automatic mode (and not interactive), we won't be able to work with our computer because we don't get any alerts...
     
  13. alphadog

    alphadog Registered Member

    Joined:
    Mar 19, 2007
    Posts:
    35
    The same is happening on my workplace network. Installed ESS v3.0.650 on a dozen systems and I get:

    1. One system that has a ton of "DNS cache poisoning" attacks in the firewall log. It hits when going on outbound sites only; internal sites do not seem to trigger the same errors. It also eventually works, but otherwise gives the end-user a "not found" error.
    2. Same system occasionally gives an "ARP cache poisoning attack", but nowhere near as often as the above.
    3. Various systems give me "Reverse TCP desynchronization attack". Not sure what to do about that one too.

    And, like you, ESET has been very unhelpful in this forum about this issue. :mad: (It may be that I need to contact them directly, but this forum is generally a good mix of helpful ESET and independent users and I like trying this first.)

    There are multiple threads on this issue, and while ESET answers in other threads, these threads go unanswered. I take it as evidence that it is a problem they are incapable of solving right now.
     
  14. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    These are from Vodafone, which is probably your ISP. On my DSL I get floods of these using OpenDNS, a dedicated DNS service. It's much worse now than on prior versions. I also get them on my dialup but less frequently.

    For those behind a router, the router can also be the cause. Do a search on "DNS cache poisoning" on these forums and you will see the issue brought up since at least 11/2007 for ESS. Google the same phrase and you will get many references. Unless they are false positives, they were a serious exploit years ago and were supposedly understood and fixed at large.

     
  15. sherryxp2000

    sherryxp2000 Registered Member

    Joined:
    Nov 14, 2007
    Posts:
    96
    Any news, fix help for this lately?

     
  16. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    This describes the DNS Cache Poisoning Vulnerability. Select "Test My DNS" on the page to test your DNS resolver.

    https://www.dns-oarc.net/oarc/services/dnsentropy

    FYI: I use OpenDNS on DSL and Dialup Analog and get floods of DNS Cache Poisoning logs even though OpenDNS receives the highest rating "GREAT". I downgraded to NOD32 v3 and changed to Comodo FW and I no longer get any DNS cache poisoning logs.
     
  17. eTuner

    eTuner Registered Member

    Joined:
    Jul 29, 2008
    Posts:
    9
    I have this, also, but I never knew what the DNS poisoning attacks were for.

    Doing speed tests with and without the firewall, I have come to the conclusion that ESET Smart Security is the culprit for my recent slowdowns. Any way to fix this without disrupting normal behavior would be appreciated.
     
  18. clyde123

    clyde123 Registered Member

    Joined:
    Apr 11, 2008
    Posts:
    69
    Location:
    Glasgow
    Has there been any update on this issue?
    I have a user with similar problems to original poster.
     
  19. Yorky35

    Yorky35 Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    13
    I'm having this problem as well.

    No answer from Eset, so bumping the thread up. As this is an official support forum, can we please have some Eset input on this?
     
  20. p5ym0n

    p5ym0n Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    3
    Getting the same problem.
    Bought a new NIC thinking it was that.
    Disabled NOD32 firewall seems to work, but shouldn't have to do this.
    This actually started 4-5 weeks ago, but I thought it was just my ISP. Has got increasingly worse though - DNS lookups fail, web sites really slow, connection interrupted errors.
    I'm using Vista 64 Home Premium. ESET Smart Security 3.0.650.0.

    Hope this gets fixed quick.
    Have just read there's an update: v3.0.672 ( https://www.wilderssecurity.com/showthread.php?t=218459 ) - going to try that.
     
  21. MysticG

    MysticG Registered Member

    Joined:
    Apr 22, 2008
    Posts:
    19
    I have the same exact problem. I tried so many things to troubleshoot it. Now I don't even pay any mind to it. I'm just COMPLETELY surprised Eset hasn't responded to the issue. There should've been a fix by now.
     
  22. p5ym0n

    p5ym0n Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    3
    Yup.
    Well 3.0.672 seems to be better. Although it's hard to tell as this problem can be so random.
    Web sites can still take a while to respond.

    Ah, haha, whilst typing this an FTP session timed out on dns error, so 3.0.672 hasn't cured it anyway.
     
  23. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    3.0.672 is no better, I should know. I am using it right now and am getting totally bombarded with "detected ARP cache poisoning" in red ink as well as zillions of "no usable rule found" in blue ink.

    I have no idea at all what either means nor do I know what to do about it. I'm nervous as all get out. I don't want a crash or any vulnerabilities either. Big conundrum here since I am no techie.

    1) How concerned should I be?

    2) What can or should I (safely) do to stop all this?

    Any and all help muchly appreciated.

    Signed,

    "Very Scared" Newbie2247
     
  24. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    Several posts about this issue suggest Disabling the Logging of the so-called DNS Intrusions. In the Advanced Setup tree/Personal Firewall/IDS & Advanced Options/Intrusion Detections... Uncheck the DNS Poisoning Attack Option.

    You can open an issue with Eset Support to see what their latest response is but it is apparently a Bug still not resolved.
     
  25. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Thank you.


    I tried unchecking that box and it still kept happening. So I went back, put the check back in that box and unchecked ARP cache poisoning (which is the real problem anyway) and it does not show up in red anymore. But that doesn't mean the problem has gone away, right? Just the reporting of these attacks is not being shown anymore.

    Am I still in trouble is what I need to know? Should I do more?
     