n0zkl3r 0 Posted October 8, 2019 Share Posted October 8, 2019 Hello, I noticed that by activating the rule "DNS poisoning attack detection", my connection is randomly blocked for a few seconds (it comes back later). This happens so regularly that you can't watch streaming without jerks. This is not a rule checked by default. Is it important? Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,693 Posted October 8, 2019 Administrators Share Posted October 8, 2019 It sounds like various parts of the video are downloaded from a domain that resolves to different IP addresses. Since the DNS cache poisoning detection is disabled by default and enabling it causes FPs for you, I'd suggest keeping it disabled. Link to comment Share on other sites More sharing options...
n0zkl3r 0 Posted October 8, 2019 Author Share Posted October 8, 2019 Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites. Link to comment Share on other sites More sharing options...
itman 1,538 Posted October 8, 2019 Share Posted October 8, 2019 11 minutes ago, n0zkl3r said: Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites. If Eset IDS protection detected a DNS poisoning attack, there should be entries to that effect in the Eset Network Protection log. If there are no log entries to this effect, then your Internet connection issue is not related to this IDS setting. Link to comment Share on other sites More sharing options...
n0zkl3r 0 Posted October 9, 2019 Author Share Posted October 9, 2019 Do you recommend leaving EIS default? By default, several features like the detection of potentially dangerous / unwanted applications is not enabled. Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,693 Posted October 9, 2019 Administrators Share Posted October 9, 2019 As for detection of potentially unsafe and unwanted application, the decision is up to you. Both detections are optional. In case a particular application is detected and you want to use it intentionally, you can exclude it from detection by the detection name (e.g. a kind of a hack tool, password viewer, etc.). Do you mean that after disabling DNS cache poisoning detection your connection becomes stable? Link to comment Share on other sites More sharing options...
itman 1,538 Posted October 9, 2019 Share Posted October 9, 2019 (edited) 9 hours ago, n0zkl3r said: Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS. Proper diagnostic procedure in regards to optional or non-default settings of software of any type is as follows. Modify settings one at a time. After each modification, perform necessary functional testing to ensure the change is performing as designed/stated and is not adversely impacting the specific software or other system operations. This is also the only way to definitively identify specific software issue/s. The worse thing that can be done is to en-mass modify settings since it becomes impossible to identify which change resulted in adverse software or system operation. Edited October 9, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts