Recurring popup every couple of minutes

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by arashkhafan, Jul 8, 2011.

Thread Status:
Not open for further replies.
  1. arashkhafan

    arashkhafan Registered Member

    Joined:
    Jul 8, 2011
    Posts:
    2
    Hello

    Basically I have this recurring popup every couple of minutes from ESET Smart Security saying "Detected DNS cache poisoning attack". Then it says the IP address. Is this a virus? Or is there a way to get rid of it without damaging my computer? I have used ESET Smart Security 5 to scan my computer; there were no infected files.
    Thanks for any help posted.

    07/09/2011 02:43:18 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:64494
    07/09/2011 02:43:17 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:62710 UDP
    07/09/2011 02:38:20 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:63943 UDP
    07/09/2011 02:33:20 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:64515 UDP
    07/09/2011 02:32:37 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:58477 UDP
    07/09/2011 02:31:41 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:63249 UDP
    07/09/2011 02:31:41 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:65378 UDP
    07/09/2011 02:24:27 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:60473 UDP
    07/09/2011 02:24:24 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:55549 UDP
    07/09/2011 02:24:23 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:60426 UDP
    07/09/2011 01:34:55 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:56596 UDP
    07/09/2011 01:20:10 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:60515 UDP
    07/09/2011 01:08:06 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:50541 UDP
    07/09/2011 01:07:56 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:63419 UDP
    07/09/2011 01:07:55 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:62776 UDP
    07/09/2011 01:02:54 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:62914 UDP
    07/09/2011 01:02:41 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:60207 UDP
    07/09/2011 01:02:41 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:59781 UDP
    07/09/2011 01:00:06 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:60569 UDP
    07/09/2011 12:58:20 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:64011 UDP
    07/09/2011 12:58:14 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:62724 UDP
    07/09/2011 12:58:13 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:50364 UDP
    07/09/2011 12:50:47 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:54464 UDP
    07/09/2011 12:50:47 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:54089 UDP
    07/05/2011 09:32:04 ب.ظ Detected unexpected data in protocol 87.255.14.17 192.168.1.2:44187 UDP
    06/28/2011 01:39:33 ق.ظ Detected unexpected data in protocol 187.94.193.7 192.168.1.2:44187 UDP
     
  2. arashkhafan

    arashkhafan Registered Member

    Joined:
    Jul 8, 2011
    Posts:
    2
    I'm waiting for someone to help me?! That IP wants to attack me CONSECUTIVELY.
    Someone help me, please.
     
  3. stratoc

    stratoc Guest

    Whilst you had better wait for someone more knowledgeable than myself, I am pretty sure it is completely harmless. V4 did it on both my systems for 18 months, support were aware, told me to disable DNS poisoning (don't do this yet). It is back on both my systems with v5 RC and is completely harmless traffic. I have tried Outpost Pro and Avast on public zone and can only see IGMP out blocked from a multicast service.
    Nobody ever gave me an explanation during the 18 months with v4; it stopped occurring in v4.2. It also caused lock-ups when exiting online games.
    You didn't get the pop-ups in v4. Took ages to sort last time as it only does it on some systems.
    When I saw it had returned I decided to switch AVs.
    I hate things I do not understand, and I hate when the pros cannot explain it!
    I would not worry too much. If you were using NOD and Windows Firewall you wouldn't even know about it.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can capture the network communication using Wireshark, save it to a pcap file, upload it somewhere and PM me the link. We should be able to tell what's going on then.
     
  5. evilharp

    evilharp Registered Member

    Joined:
    May 20, 2007
    Posts:
    10
    Are you in China -or- actively communicating with a Chinese ISP (i.e. browsing a Chinese site)?

    From: http://tools.whois.net/whoisbyip/
     
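A triage sketch for the firewall log in the first post, added here as an example (it is not ESET's code or any poster's): it groups alert lines by event and remote endpoint and reports the count, the time span, the number of distinct local ports, and whether the sender is a DNS server the host is configured to use. The `resolvers` argument and the 192.168.1.1 value are assumptions; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the log in the first post (a subset, to keep this short).
SAMPLE = """\
07/09/2011 02:43:18 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:64494
07/09/2011 02:43:17 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:62710 UDP
07/09/2011 12:50:47 ق.ظ Detected DNS cache poisoning attack 219.139.81.6:53 192.168.1.2:54089 UDP
07/05/2011 09:32:04 ب.ظ Detected unexpected data in protocol 87.255.14.17 192.168.1.2:44187 UDP
"""
# Persian and English AM/PM markers -> hours to add to a 12-hour clock value.
MERIDIEM = {"ق.ظ": 0, "ب.ظ": 12, "AM": 0, "PM": 12}
LINE = re.compile(
    r"(?P<date>\d\d/\d\d/\d{4}) (?P<time>\d\d:\d\d:\d\d) (?P<ampm>\S+) "
    r"(?P<event>.+?) (?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)(?: (?P<proto>\w+))?$")

def summarize(text, resolvers=()):
    """Group alerts by (event, remote address, remote port), busiest first."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        # Drop bidi marks that can surround right-to-left AM/PM text.
        m = LINE.match(raw.replace("\u200e", "").replace("\u200f", "").strip())
        if not m or m["ampm"] not in MERIDIEM:
            continue  # not an alert line in the expected layout
        ts = datetime.strptime(f'{m["date"]} {m["time"]}', "%m/%d/%Y %H:%M:%S")
        ts = ts.replace(hour=ts.hour % 12 + MERIDIEM[m["ampm"]])
        groups[m["event"], m["src"], m["sport"]].append((ts, int(m["dport"])))
    report = []
    for (event, src, sport), hits in groups.items():
        times = [t for t, _ in hits]
        report.append({
            "event": event, "source": src, "source_port": sport,
            "count": len(hits), "first": min(times), "last": max(times),
            "local_ports": len({p for _, p in hits}),
            # True only if the sender is a DNS server this host is set to use.
            "known_resolver": src in resolvers,
        })
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    # 192.168.1.1 is an assumed resolver (typical home router), not from the thread.
    for row in summarize(SAMPLE, resolvers={"192.168.1.1"}):
        print(row)
```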