Detected DNS cache poisoning attack

Posted on 2012-09-07
Medium Priority
Last Modified: 2016-10-27
Dear Experts

What is a DNS cache poisoning attack?
I have installed ESS V.

Is it a known issue of the latest ESS version or ESS V. 4.2?

I have not read @ Avira about this issue
Does it only affect ESET products?
Is this a vulnerability of ESET products?

This is the ESET Knowledgebase about DNS cache poisoning attack

The web site above explains the solution, but does not explain why users are receiving this notification.

My ESET Smart Security 5 alerted me with this message, "DNS cache poisoning attack", so I used an Acronis image to get the system back again, but now ESET products have made me lose confidence. With the Acronis image, I do not want to be in the middle of something and suddenly get the alert.
Question by:rebelscum0000
LVL 65

Expert Comment

ID: 38378866
The whole idea of this attack is to redirect the user unknowingly to another legit-looking site hosted by the attacker. The IP address from the DNS resolution has already been tampered with, as the DNS cache is storing the wrong IP. Thereafter, the user will begin his "journey of infection"... I know of one recent malware called DNSChanger that modified the user host or cache such that any user browsing will be redirected to its malicious site etc... it will even intend to "disable" the updates and AV etc.

But note that even routers and network devices can be impacted as well as in poisoned


Author Comment

ID: 38396434
I did not ask about DNSChanger; I was more specific: "DNS cache poisoning attack"



As always I have to find out the answer,

Now my question: is this a vulnerability only of ESET products?
LVL 65

Accepted Solution

btan earned 2000 total points
ID: 38397405
I was looking at the client machine being infected, with the "cache" being tampered with, hence DNSChanger would be possible. Not that there is a public release of such a vulnerability for ESET, to the best of my knowledge @ http://www.cvedetails.com/product-list/vendor_id-8861/Eset.html

I did read of some past false positives of ESET, though, but if you were to flush the cache and are still getting the pop-up then it is potentially a false positive
@ http://www.sevenforums.com/system-security/197311-detected-dns-cache-poisoning-attack.html

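@echo on
rem Reset the hosts file to a single localhost entry (run from an elevated prompt).
pushd "%SystemRoot%\System32\drivers\etc"
attrib -h -s -r hosts
echo 127.0.0.1 localhost>hosts
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and clear the local DNS resolver cache.
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack.
netsh winsock reset all
netsh int ip reset all
rem Schedule a reboot in one second and delete this script.
shutdown -r -t 1
del "%~f0"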
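
A reset script like the one in the answer above overwrites the hosts file, so it is worth recording what the file contained first. The following is an added example, not part of the original answer: a small Python audit of hosts-file text. The default-name list, the finding labels and the sample input are assumptions constructed for illustration.

```python
import ipaddress

# Names a default hosts file may legitimately map to loopback (assumption).
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, names) for every non-comment line of hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields        # malformed: no leading IP address
            continue
        yield line_no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return findings (line_no, reason, names) for entries that are not default."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            findings.append((line_no, "malformed", names or [str(ip)]))
        else:
            extra = [n for n in names if n not in DEFAULT_NAMES]
            if extra:
                # Loopback/unspecified targets block a name; anything else redirects it.
                reason = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
                findings.append((line_no, reason, extra))
            elif not ip.is_loopback:
                findings.append((line_no, "redirected", names))  # localhost -> non-loopback
    return findings

# Constructed sample input (documentation-range address, made-up names).
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      update.example.com www.example.com
127.0.0.1       av-updates.example.net   # blocks updates
localhost
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

An empty result means the file holds only loopback-to-localhost entries; any "redirected" or "blocked" finding should be reviewed and saved before the file is reset.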

Author Closing Comment

ID: 38411301
Thank you
Question has a verified solution.
