-1

I am noticing a bunch of UDP traffic hitting a server on a shared IP. Is there any way to tell which site they may be trying to hit?

John Gardeniers
Jake Mach

2 Answers

4

Not unless the body of the packet contains this information. Sniff it using tcpdump or Wireshark, and look.

Once you resolve a DNS name into an IP, it's not possible to reverse it back (DNS -> IP is many-to-one).

Jay
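One way to carry out the "sniff it and look" step from the answer above, as an added example that is not part of the original answers: it scans captured UDP payloads for the names of the sites hosted on the shared IP, both as plain text and as DNS wire-format labels. The site names, addresses and payloads are constructed for illustration, and DNS name compression is not handled.

```python
from collections import Counter

# Hypothetical names of the sites sharing the IP (assumption, not from the post).
SITES = ["example.com", "example.org"]

def dns_wire(name: str) -> bytes:
    """Encode a hostname as DNS wire-format labels (length-prefixed, 0-terminated)."""
    out = b""
    for label in name.strip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad DNS label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def site_hints(payload: bytes, sites=SITES) -> list[str]:
    """Return the hosted names that appear in a UDP payload, as text or DNS labels."""
    lowered = payload.lower()  # ASCII-only lowercasing; label lengths (<64) are untouched
    return [s for s in sites
            if s.lower().encode("ascii") in lowered or dns_wire(s) in lowered]

def tally(packets, sites=SITES) -> Counter:
    """Count packets per (destination port, site); site is None when nothing matches."""
    counts = Counter()
    for _src, dport, payload in packets:
        for site in site_hints(payload, sites) or [None]:
            counts[(dport, site)] += 1
    return counts

# Constructed sample payloads, as they would be pulled from a tcpdump/Wireshark capture.
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
             b"\x03www\x07ExAmPlE\x03com\x00\x00\x01\x00\x01")
SAMPLE = [
    ("198.51.100.7", 53, DNS_QUERY),                      # DNS query naming a site
    ("198.51.100.9", 5060, b"OPTIONS sip:ping@example.org SIP/2.0\r\n"),  # text protocol
    ("203.0.113.20", 19132, bytes(32)),                   # opaque payload, no name
    ("203.0.113.21", 19132, bytes(range(32))),            # opaque payload, no name
]

if __name__ == "__main__":
    for (dport, site), n in sorted(tally(SAMPLE).items(), key=str):
        print(f"udp/{dport:<6} {site or 'no site name in payload'}: {n}")
```

Packets that land in the "no site name" bucket are the case the answer describes: nothing in the body identifies the target site, so only the destination IP and port are known.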
1

The challenge here is that UDP traffic is trivial to forge.

Your ISP might be able to help you filter out the traffic if it is significant, but without the cooperation of all ISPs, there is no way to trace UDP traffic with a high level of certainty.

If the person sending the packets has provided false/invalid source IP/port information, there really is nothing you can do to trace them.

Zoredache