
How can I find out what application or executable is sending dns mx queries to my router? June 30, 2009

Posted by Domena in: Security

andrea l asked:


I’m tracing my network activity and I see a lot of DNS MX queries generated on my PC towards my router, which is weird, but I don’t know how to detect the creator of all these requests. Any suggestions? Thanks a lot.

Comments»

1. Ladadadada - July 1, 2009

There is a program for the Mac called Little Snitch. It is essentially a Firewall with a simple-to-use interface.

It blocks all outbound traffic and allows you to make exceptions to this rule. The nice thing about these exceptions is that they can be on an application by application basis. I can allow Firefox to connect to port 80 but not allow Safari if that’s what I want to do.

You could allow UDP connections on port 53 to each application individually until you find the one that is doing the MX requests. (Being an MX request I would suspect your email program first… but a spam sending engine would generate a LOT of DNS MX requests. It depends on what you mean by “a lot”.)

I did a search for Little Snitch equivalents for Windows and apparently there’s not much available. Some reports say to try ZoneAlarm, Comodo or Outpost for Windows.
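A capture-based way to attribute the queries, as an added example that is not part of the original comment: it parses DNS query payloads, keeps only MX lookups (QTYPE 15), and counts them per owning process by UDP source port. The packet list, process names and port-to-process table are constructed sample data; on a real machine they would come from a packet capture and the operating system's socket table.

```python
import struct
from collections import Counter

QTYPE_MX = 15  # RFC 1035 record type for mail exchanger lookups

def parse_dns_question(payload):
    """Return (qname, qtype) of the first question in a DNS query, else None."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means it is a response
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):  # malformed or compressed name
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):  # need the terminating zero plus QTYPE and QCLASS
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels), qtype

def mx_queries_by_process(packets, port_owner):
    """Count MX queries per process; packets are (src_port, udp_payload) pairs."""
    counts = Counter()
    for src_port, payload in packets:
        question = parse_dns_question(payload)
        if question and question[1] == QTYPE_MX:
            counts[port_owner.get(src_port, "unknown")] += 1
    return counts

def build_query(name, qtype):
    """Build a DNS query payload for the constructed sample data below."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)

# Constructed sample capture and port-to-process table (hypothetical names).
SAMPLE_PACKETS = [(50001, build_query("example.com", 15)),
                  (50001, build_query("example.org", 15)),
                  (50002, build_query("example.net", 1)),   # A record, ignored
                  (50003, build_query("example.com", 15))]
SAMPLE_OWNERS = {50001: "unknown_service.exe", 50002: "browser.exe", 50003: "mailclient.exe"}

if __name__ == "__main__":
    for proc, n in mx_queries_by_process(SAMPLE_PACKETS, SAMPLE_OWNERS).most_common():
        print(f"{proc}: {n} MX queries")
```

If the operating system's own resolver service sends the queries on behalf of applications, the source port maps to that service rather than to the program that asked for the lookup.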

