Detected DNS cache poisoning attack

Posted on 2012-09-07
Last Modified: 2012-09-18
Dear Experts

What is a DNS cache poisoning attack?
 I have installed ESS V.

Is it a known issue of the latest ESS version or of ESS V. 4.2?

I have not read @ Avira about this issue
Does it only affect ESET products?
Is this a vulnerability of ESET products?

This is the ESET Knowledgebase about DNS cache poisoning attack

The web site above explains the solution, but does not explain why users are receiving this notification.

My ESET Smart Security 5 alerted me with this message, "DNS cache poisoning attack", so I used an Acronis image to get the system back again, but now ESET products have made me lose confidence; with the Acronis image I do not want to be in the middle of something and suddenly get the alert.
Question by:rebelscum0000

    Expert Comment

    The whole idea of this attack is to redirect the user unknowingly to another legit-looking site hosted by the attacker. The IP address from the DNS resolution has already been tampered with, as the DNS cache is storing the wrong IP. Thereafter, the user will begin his "journey of infection"... I know of one recent malware called DNSChanger that modified the user host or cache such that any user browsing will be redirected to its malicious site, which will intend to even "disable" the updates and AV etc.

    But note that even routers and network devices can be impacted as well as in poisoned

    Author Comment

    I did not ask about DNSChanger; I was more specific: "DNS cache poisoning attack".

    As always I have to find out the answer,

    Now my question: is this a vulnerability only of ESET products?

    Accepted Solution

    I was looking at the client machine being infected with the "cache" being tampered with, hence DNSChanger would be possible. Not that I know of a public release of such a vulnerability for ESET, to my best knowledge @

    I did read of some past false positives of ESET though, but if you were to flush the cache and are still getting the pop-up, then it is potentially a false positive.

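    @echo on
    rem Work in the directory that holds the system hosts file
    cd /d "%SystemRoot%\System32\drivers\etc"
    rem Clear hidden/system/read-only so the file can be rewritten
    attrib -h -s -r hosts
    rem Replace the hosts file with a single loopback entry
    echo 127.0.0.1 localhost>hosts
    attrib +r +h +s hosts
    rem Renew the DHCP lease and empty the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset the Winsock catalog and the TCP/IP stack (log goes to resetlog.txt)
    netsh winsock reset
    netsh int ip reset resetlog.txt
    rem Reboot after one second, then delete this script
    shutdown -r -t 1
    del "%~f0"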
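
The batch script above replaces the hosts file, which also discards whatever entries were in it. The following is an added example, not part of the thread and not ESET or Experts Exchange code: a Python check that reviews a hosts file first and separates names pinned to a routable address from sinkhole and malformed lines. The function name `audit_hosts` and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts-file content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net   # sinkhole entry
203.0.113.10 update.example.com www.example.org
not-an-ip broken.example.com
"""

def audit_hosts(text):
    """Return (redirects, sinkholes, malformed) found in hosts-file text."""
    redirects, sinkholes, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            malformed.append((lineno, raw.strip()))
            continue
        for name in names:
            if addr.is_loopback or addr.is_unspecified:
                # Loopback or 0.0.0.0 for any name but localhost blocks that name.
                if name != "localhost":
                    sinkholes.append((lineno, name, str(addr)))
            else:
                # A name pinned to another address is answered without any DNS query.
                redirects.append((lineno, name, str(addr)))
    return redirects, sinkholes, malformed

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    results = audit_hosts(text)
    for kind, rows in zip(("REDIRECT", "SINKHOLE", "MALFORMED"), results):
        for row in rows:
            print(kind, *row)
```

Run it with the path to the hosts file as the only argument and keep the output with the alert details before resetting anything.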

    Author Closing Comment

    Thank you
