DNS Cache Poisoning Attack warning
Posted on 2013-10-10
We recently upgraded a client to ESET Smart Security (ESS) from ESET NOD32. Since then, every few days the client receives a warning from ESS saying, "Detected DNS Cache Poisoning Attack" and gives the IP address where the attack is being detected from, which is the IP address of the router.
I'm aware that some antivirus programs which can detect DNS cache poisoning attacks also give false positives. Any idea how I can tell the difference between positive and false-positive detections in this regard?