Advice Request Over 1.9 million DNS request overnight

Please provide comments and solutions that are helpful to the author of this topic.

mlnevese

Level 26
Thread author
Verified
Top Poster
Well-known
May 3, 2015
1,531
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
 
Last edited:

Freki123

Level 15
Verified
Top Poster
Aug 10, 2013
737
Take a look at "Apps management" if you click an app the amount of request made is show there. Or in the "filtering log" maybe also.
Edit: If you are not using the Adguard app on your android I understood you wrong and ignore my text :D
 
Last edited:

TedCruz

Level 5
Aug 19, 2022
176
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
For forensics and easy mode try installing glasswire firewall. It's has a great UI. It's basically an UI overlay on Windows Firewall. It is heavy on resources so I would use it only as a test if you have a slow PC. Otherwise the full version integrates with Virus total so you can run all the processes that communicate outside against VT.
 
Last edited:

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
268
For forensics and easy mode try installing glasswire firewall. It's has a great UI. It's basically an UI overlay on Windows Firewall. It is heavy on resources so I would use it only as a test if you have a slow PC. Otherwise the full version integrates with Virus total so you can run all the processes that communicate outside against VT.
The man is talking about his phone, not his PC.
 

Gangelo

Level 6
Verified
Well-known
Jul 29, 2017
268
I configured my phone to use Adguard DNS and it registered over 1.9 million DNS requests from my phone while I was sleeping. Now I know partially blocked Google services will cause this behavior so I turned off the DNS filters on my phone so that the DNS could process them. I cleared the logs so that I could see what was going on and got over 450 requests in less than a minute. Does anyone know how to identify which processes are making all these DNS requests?
Something like the below might help to identify what is making the DNS requests

 

TedCruz

Level 5
Aug 19, 2022
176
The man is talking about his phone, not his PC.
Ahh in that case just use AdGuard. They currently have a great deal for lifetime lic. Just look at the link in the deals sub forum on this site. If I recall correctly a lifetime for 3 devices at $12 and their lifetime is legit. I have been using them since if I recall correctly 2014 or something along those lines. The app section allows you to see exactly how much data each app uses and you can tell it to block if not on wifi or ask to connect.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
The man is talking about his phone, not his PC.
That is true.

I doubt it's of any use, but GlassWire do have a basic data app for mobile.

Something like the below might help to identify what is making the DNS requests

What about NetGuard which has more recent updates? Pro version available.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Found the guilty party. A local mall app that was sending around 100 requests every second. Things are back to normal now. The firewall and Adguards activity monitor helped me find the guilty one :) Thanks for the help
How did you resolve the issues? By disabling the default Mail app, or blocking the request with the firewall?
 

mlnevese

Level 26
Thread author
Verified
Top Poster
Well-known
May 3, 2015
1,531
Do you mind sharing which app it was? I would love to Wireshark it in order to see what it's sending and where since that sounds more like malware than anything else.
It's the app for Barrashoping in Brazil. I have no idea if you can get it outside the Brazilian market.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top