Local Networking & Cache Poisoning attack

Discussion in 'ESET Smart Security v3 Beta Forum' started by K1LL3M, Sep 4, 2007.

Thread Status:
Not open for further replies.
  1. K1LL3M

    K1LL3M Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    35
    Hi,
    Since installing ESS beta on my local network I have been unable to access each of the computers with ESS installed; they are not visible. If I remove ESS I can see them again.

    I assume this is a setting issue and I have the local network as trusted but it does not appear to make any difference.

    Some help with this would be great.

    In addition, while trying to work through this issue I checked the logs and noticed the following. x.x.x.254 is obviously my gateway. Thoughts?

    4/09/2007 10:33:44 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:33:40 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:33:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:33:37 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:33:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:32:42 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
    4/09/2007 10:32:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
    4/09/2007 10:32:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
    4/09/2007 10:32:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
    4/09/2007 10:32:34 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
    4/09/2007 10:18:47 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
    4/09/2007 10:18:45 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 10:18:43 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
    4/09/2007 10:18:41 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
    4/09/2007 10:18:41 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 10:18:40 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
    4/09/2007 10:18:39 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:2057 UDP
    4/09/2007 10:18:38 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 10:18:37 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 10:18:36 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 10:15:21 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:15:17 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:15:15 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:15:14 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:15:13 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 10:15:10 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP
    4/09/2007 10:07:04 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 9:30:12 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:23:44 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
    4/09/2007 9:23:43 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:23:39 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1096 UDP
    4/09/2007 9:22:56 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:22:52 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:22:50 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:22:49 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:22:48 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:22:47 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP
    4/09/2007 9:19:53 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1095 UDP
    4/09/2007 9:12:27 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1036 UDP
    4/09/2007 9:10:08 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
    4/09/2007 9:10:04 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1096 UDP
    4/09/2007 9:10:03 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
    4/09/2007 9:06:15 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1956 UDP
    4/09/2007 5:20:17 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1134 UDP
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you please capture some packets using Ethereal and send them to support[at]eset.com with this thread's name in the subject?
     
  3. RaelSixLo

    RaelSixLo Registered Member

    Joined:
    Sep 24, 2007
    Posts:
    1
    Got the same and I'm sure the attackers are the official external DNS servers as configured on my interface. So I don't think it's an attack.

    Note that my machine is acting as a DNS server so there may be more than the usual query traffic (zone transfers etc.)
     
  4. GaryRW

    GaryRW Registered Member

    Joined:
    May 14, 2005
    Posts:
    141
    Location:
    OH, USA
    It's probably a false positive, but check it out. I went through similar with periodic "attack" from OpenDNS when I ran ESS.
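
The check suggested in the replies above (do the alerts come from the DNS servers the machine is actually configured to use?) can be run over an exported log. This is an added example, not part of any post in the thread and not ESET code; the function names, the resolver set passed to `triage`, and the last sample line (from 203.0.113.9) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: three lines in the format posted in the thread, plus one
# invented line whose source is not a configured resolver.
SAMPLE_LOG = """\
4/09/2007 10:33:44 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:33:40 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1097 UDP
4/09/2007 10:32:42 PM Detected DNS cache poisoning attack 192.168.1.254:53 192.168.1.4:1245 UDP
4/09/2007 10:31:05 PM Detected DNS cache poisoning attack 203.0.113.9:53 192.168.1.4:1245 UDP
"""

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Detected DNS cache poisoning attack "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)\s*$"
)

def parse_alerts(text):
    """Yield one dict per alert line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            # Day/month order: the thread's log is from 4 September 2007.
            "time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "proto": m["proto"],
        }

def triage(text, configured_resolvers):
    """Separate alerts sourced from a configured resolver on port 53 from the rest.
    A UDP source address can be forged, so the first group is only a candidate
    false positive; a packet capture is still what settles it."""
    expected, unexpected = Counter(), []
    for a in parse_alerts(text):
        if a["src"] in configured_resolvers and a["sport"] == 53:
            expected[(a["src"], a["dport"])] += 1
        else:
            unexpected.append(a)
    return expected, unexpected

if __name__ == "__main__":
    expected, unexpected = triage(SAMPLE_LOG, {"192.168.1.254"})
    for (src, dport), n in sorted(expected.items()):
        print(f"{n:3d} alert(s) from configured resolver {src} to local port {dport}")
    for a in unexpected:
        print(f"INVESTIGATE {a['time']:%Y-%m-%d %H:%M:%S} "
              f"{a['src']}:{a['sport']} -> {a['dst']}:{a['dport']}")
```

Alerts left in the second group, or a resolver group that keeps growing after a capture shows normal replies, are the ones worth sending to the vendor along with the capture.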
     