Local Networking & Cache Poisoning attack

Hi,
Since install ESS beta on my local network I have been unable to access each of the computers with ESS installed; They are not visible. If i remove ESS I can see them again.

I assume this is a setting issue and I have the local network as trusted but it does not appear to make any difference.

Some help with this would be great.

In addition while trying to work through this issue I checked logs and notice the following. x.x.x.254 is obviously the my gateway. Thoughts ?

4/09/2007 10:33:44 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:33:40 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:33:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:33:37 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:33:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:32:42 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:32:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:32:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:32:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:32:34 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:18:47 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
4/09/2007 10:18:45 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 10:18:43 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
4/09/2007 10:18:41 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
4/09/2007 10:18:41 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 10:18:40 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
4/09/2007 10:18:39 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
4/09/2007 10:18:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 10:18:37 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 10:18:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 10:15:21 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:15:17 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:15:15 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:15:14 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:15:13 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:15:10 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP
4/09/2007 10:07:04 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 9:30:12 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:23:44 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 9:23:43 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:23:39 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1096 UDP
4/09/2007 9:22:56 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:22:52 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:22:50 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:22:49 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:22:48 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:22:47 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP
4/09/2007 9:19:53 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
4/09/2007 9:12:27 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
4/09/2007 9:10:08 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
4/09/2007 9:10:04 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1096 UDP
4/09/2007 9:10:03 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
4/09/2007 9:06:15 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
4/09/2007 5:20:17 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP

 

Could you please capture some packets using Ethereal and send it to support[at]eset.com with this thread's name in the subject?

 

Got the same and I'm sure the attackers are the official external DNS servers as configured in on my interface. So I don't think it's an attack.

Note that my machine is acting as DNS server so there may be more than the usual queries traffic (zone transfers etc.)

 

It's probably a false positive, but check it out. I went thru similar with periodic "attack" from OpenDNS when I ran ESS.