Massive outgoing UDP traffic port 53
During recent days I received a massive increase in outgoing UDP traffic on port 53. My server connection is going very slow.
How do we resolve the problem?
Should we block outgoing UDP port 53 requests? What's the implication?
FYI, this is a cPanel server with an external DNS server.
Your advice will be greatly appreciated.
Thank you very much.
My server is being used/raped as DNS server ...
Hi !
My server seems to be infected with some kind of trojan or script.
The process called <unknown> (according to MS Network Monitor 3.4) ... sends out on UDP 53 every 5 seconds or so to random IPs, the descriptions being "DNS sc . jfrmt . net" and variations of the subdomain.
Also my server is sending to my router on UDP 53 with www . 99woool . com as description.
Now, jfrmt . net is registered to a bogus name and only some weeks old ...
1) Is there a simple way / small software to block UDP 53 (something that coexists with Windows Firewall)? I don't run any DNS service whatsoever.
2) How to find the culprit? Process <unknown> does not ring any bells ...
Thanks very very much!
PS: Win XP SP3 & XAMPP - I know, I know, but that's just how it is and worked for 7+ years.
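
The pattern described in the post above (one process sending UDP 53 queries to many different IPs, with varying subdomains of one domain) can be checked for in exported connection records. The following is an added example, not part of the original thread; the record layout, the resolver address, the thresholds and every name and address in the sample are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records: (process, dst_ip, dst_port, proto, query_name).
# IPs are documentation ranges and names use the reserved .example TLD.
SAMPLE_FLOWS = [
    ("<unknown>", "198.51.100.7", 53, "udp", "sc.placeholder.example"),
    ("<unknown>", "198.51.100.93", 53, "udp", "sd.placeholder.example"),
    ("<unknown>", "203.0.113.18", 53, "udp", "se.placeholder.example"),
    ("<unknown>", "203.0.113.201", 53, "udp", "sf.placeholder.example"),
    ("httpd.exe", "192.0.2.1", 53, "udp", "www.site.example"),
    ("httpd.exe", "192.0.2.1", 53, "udp", "www.site.example"),
    ("httpd.exe", "203.0.113.50", 80, "tcp", ""),
]

# Assumption: the only DNS resolver this host is configured to use.
ALLOWED_RESOLVERS = {"192.0.2.1"}


def parent_domain(name, labels=2):
    """Last `labels` labels of a name (naive: no public-suffix list)."""
    return ".".join(name.lower().rstrip(".").split(".")[-labels:])


def find_suspicious(flows, allowed=ALLOWED_RESOLVERS, min_dsts=3, min_names=3):
    """Flag processes whose UDP/53 traffic bypasses the configured resolver
    or cycles through many distinct names under one parent domain."""
    stray = defaultdict(set)   # process -> DNS destinations outside `allowed`
    names = defaultdict(set)   # (process, parent domain) -> distinct names
    for proc, dst, port, proto, qname in flows:
        if proto != "udp" or port != 53:
            continue           # only outgoing DNS-over-UDP is of interest
        if dst not in allowed:
            stray[proc].add(dst)
        if qname:
            names[(proc, parent_domain(qname))].add(qname.lower())
    return {
        "stray_destinations": {p: len(d) for p, d in stray.items()
                               if len(d) >= min_dsts},
        "subdomain_churn": {k: len(q) for k, q in names.items()
                            if len(q) >= min_names},
    }


if __name__ == "__main__":
    for kind, hits in find_suspicious(SAMPLE_FLOWS).items():
        print(kind, hits)
```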