Which process is making DNS queries?
Since last night, snort has been picking up a lot of UDP port unreachable packets directed at our mail server. After watching the server for a little while, I've found that the server is attempting to make a DNS query to a specific IP address. No DNS server operates on that address, so the UDP packet is returned.
My problem is that I can't figure out why it's making these queries or why it's querying this IP address. My guess is that someone's DNS is not configured properly somewhere, but I can't tell. Whois and reverse lookups on the IP in question don't reveal anything of consequence. There are no messages in the mail queue directed at the domain to which the IP belongs.
How can I determine which process is making these requests?