
This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthor: garyrw
    • CommentTime: Jun 29th 2007
    Is anyone getting firewall log entries like this starting today?

    6/28/2007 9:06:16 PM Detected DNS cache poisoning attack 208.67.220.220:53 64.24.228.61:1324 UDP
    6/28/2007 9:06:16 PM Detected DNS cache poisoning attack 208.67.222.222:53 64.24.228.61:1324 UDP
    6/28/2007 9:05:45 PM Detected DNS cache poisoning attack 208.67.220.220:53 64.24.228.61:1305 UDP
    6/28/2007 9:05:45 PM Detected DNS cache poisoning attack 208.67.222.222:53 64.24.228.61:1305 UDP
    • CommentAuthor: pencoyd
    • CommentTime: Jul 7th 2007
    What's your firewall? That's total nonsense. OpenDNS is not vulnerable to cache poisoning.
    • CommentAuthor: gtc
    • CommentTime: Jan 25th 2008
    I am receiving these also. We use NOD32 ESET Smart Security.
    • CommentAuthor: pencoyd
    • CommentTime: Jan 25th 2008
    I expect something on your network is making a DNS request to our nameservers, and getting a response.

    If you have more details / logs to share, please do.

    But, again, we're not vulnerable to cache poisoning, so we'd like to educate the software which is confused. :bigsmile:
    • CommentAuthor: dahia
    • CommentTime: Jan 26th 2008
    What would "DNS cache poisoning" mean? sort of DoS?
  1.  permalink
    http://en.wikipedia.org/wiki/DNS_cache_poisoning

    It's trying to convince a DNS server of something untrue. Say, that www.paypal.com points to my web server. Pretty evil and difficult for a user to detect.
    • CommentAuthor: garyrw
    • CommentTime: Apr 17th 2008
    Still getting these DNS Cache Poisoning attack messages that I initially inquired about last June. As then, these are both using Eset Smart Security (ESS) except these are from the most recent revision ESS v3.0.650.0. Last year it was an early beta, but now it's a released product.

    4/17/2008 3:36:10 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:10 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:07 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:07 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:04 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:03 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
    4/17/2008 3:36:02 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP

    I get these both on DSL thru Embarq AND dialup thru Juno. Now there seems to be a consistent pattern of 7 bursts in about 10 seconds. But the intervals are random.

    Anybody else getting these with other firewalls?
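
A triage sketch for the alert lines quoted in the post above, added here as an example; it is not part of any poster's message and not ESET or OpenDNS code. It groups alerts by local endpoint and separates bursts that come only from the configured resolvers on UDP port 53, which fits pencoyd's explanation that these are responses to the host's own queries, from alerts with any other source. The function names, the 30-second window and the resolver allowlist are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Resolver addresses exactly as they appear in the logs quoted in this thread.
CONFIGURED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} [\d:]+ [AP]M)\s+Detected DNS cache poisoning attack\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)\s*$")

# Lines 1-7 are from the post above; line 8 is constructed (documentation address).
SAMPLE_LOG = """\
4/17/2008 3:36:10 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
4/17/2008 3:36:10 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
4/17/2008 3:36:07 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
4/17/2008 3:36:07 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
4/17/2008 3:36:04 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
4/17/2008 3:36:03 PM Detected DNS cache poisoning attack 208.67.220.220:53 76.2.224.33:3764 UDP
4/17/2008 3:36:02 PM Detected DNS cache poisoning attack 208.67.222.222:53 76.2.224.33:3764 UDP
4/17/2008 3:40:00 PM Detected DNS cache poisoning attack 203.0.113.9:53 76.2.224.33:3801 UDP
"""

def parse(log_text):
    """Return one dict per recognised alert line; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
                           "dport": int(m["dport"]), "proto": m["proto"]})
    return events

def triage(events, resolvers=CONFIGURED_RESOLVERS, window_s=30):
    """Group alerts by local ip:port; flag groups with any non-resolver source."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["dst"], e["dport"])].append(e)
    report = {}
    for key, evs in groups.items():
        times = [e["ts"] for e in evs]
        span = (max(times) - min(times)).total_seconds()
        expected = all(e["proto"] == "UDP" and e["sport"] == 53
                       and e["src"] in resolvers for e in evs)
        report[key] = {"count": len(evs), "span_s": span,
                       "sources": sorted({e["src"] for e in evs}),
                       "verdict": "resolver-replies" if expected and span <= window_s else "review"}
    return report
```

A `resolver-replies` verdict only means the burst has the shape of answers from the resolvers the host is configured to use; a `review` group is where packet captures or resolver settings are worth checking.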
    • CommentAuthor: ingber
    • CommentTime: Sep 9th 2008
    Yes, I always see these same reports in my ESET-3.0.672.0 logs (only my private address 192.. appears instead of 76..., etc.), perhaps 5-15 times a day -- many less times than I access the internet, but nevertheless regularly.

    Lester
    • CommentAuthor: parhelion
    • CommentTime: Sep 27th 2008
    I have ESET Smart Security 3.0.669.0 and was getting a great number of machinegun-like DNS cache poisoning entries in my personal Firewall log. I contacted ESET and they said ==>

    "Thank you for contacting ESET Customer Care. This is usually caused due to the way some routers assign DNS through DHCP. If possible, either set the DNS server settings manually on the workstations and disable the router from sending out DNS server settings through DHCP, or you can just disable the alert of DNS cache poisoning since the router is in place and handling this. You can do that by opening the ESET Smart Security window, press F5, click on Personal Firewall > IDS and Advanced options, uncheck the detection of DNS cache poisoning."

    I DO NOT use a Router... (I have a single computer connected directly to Comcast.net via a Motorola SB5101 cable modem). SO, I CHANGED MY SETTINGS from "Obtain DNS server address automatically" (which I believe was using Comcast.net's name servers -- of which there are apparently three) to instead use OpenDNS Preferred DNS server and Alternate DNS server all the time.

    UNFORTUNATELY, even though this was following ESET's advice to "set the DNS server settings manually," IT DID NOT WORK. I am now getting multiple "DNS cache poisoning" entries from OpenDNS's Preferred DNS server IP address.

    I RESEARCHED THIS FURTHER and noted that there are many reports of this problem being caused by ESET personal Firewall program. Maybe ESET will fix this in a future version?? It's more of an annoyance issue than an actual security risk.
