We've got a private school on our network that has an MT router that
we set up for them. For the past two days settings have been getting
changed on it causing them not to be able to access the Internet.
Specifically, a second default route has been added to the box
directing traffic to one of the router's LAN interfaces. Secondly,
the primary DNS server IP is getting changed to point to the same LAN
interface on the router. I suspect that a former employee who knew
the admin password is doing this.
At any rate, I'm wondering about something with this default route
that is being added. Here's what I'm seeing:

 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0   S  0.0.0.0/0                          r 10.150.1.1      1        ether5
 1 AD   0.0.0.0/0                          r 192.168.1.1     0        ether1
 2 ADC  10.150.1.0/24      10.150.1.236                      0        ether5
 3 ADC  192.168.0.0/24     192.168.0.1                       0        ether1
 4 ADC  192.168.1.0/24     192.168.1.1                       0        ether1
 5 ADC  192.168.2.0/24     192.168.2.1                       0        ether3
 6 ADC  192.168.3.0/24     192.168.3.1                       0        ether3
 7 ADC  192.168.4.0/24     192.168.4.1                       0        ether3

The first static route is the correct default. The route on line 1 is
the one that is being added by someone/something. The thing that's
got me wondering is how it's showing AD flags, but with no indication
of where the route came from (like o, r, b, etc). It's apparently a
dynamic route, but it's not running any routing protocols, and it's
obviously not a static route. So how does a dynamic route get added
without a routing protocol?
Craig
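
Added example, not part of the original post: a Python check that parses route output in the layout quoted above and flags any active dynamic default route that outranks the configured static default, noting whether its gateway is one of the router's own addresses. The function names are hypothetical, and the parser assumes flags are written without spaces, as in the post.

```python
import re

# Route table as quoted in the post above, used here as sample input.
SAMPLE = """\
 #      DST-ADDRESS        PREF-SRC        G GATEWAY         DISTANCE INTERFACE
 0   S  0.0.0.0/0                          r 10.150.1.1      1        ether5
 1 AD   0.0.0.0/0                          r 192.168.1.1     0        ether1
 2 ADC  10.150.1.0/24      10.150.1.236                      0        ether5
 3 ADC  192.168.0.0/24     192.168.0.1                       0        ether1
 4 ADC  192.168.1.0/24     192.168.1.1                       0        ether1
 5 ADC  192.168.2.0/24     192.168.2.1                       0        ether3
 6 ADC  192.168.3.0/24     192.168.3.1                       0        ether3
 7 ADC  192.168.4.0/24     192.168.4.1                       0        ether3
"""

IPV4 = re.compile(r"^\d+\.\d+\.\d+\.\d+$")

def parse_routes(text):
    """Parse whitespace-separated route rows into dicts; the header is skipped."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or not tok[0].isdigit():
            continue
        # Between DST-ADDRESS and DISTANCE: either PREF-SRC alone,
        # or the gateway-state letter followed by the gateway address.
        mid = tok[3:-2]
        routes.append({
            "index": int(tok[0]), "flags": tok[1], "dst": tok[2],
            "pref_src": mid[0] if len(mid) == 1 and IPV4.match(mid[0]) else None,
            "gateway": mid[1] if len(mid) == 2 and IPV4.match(mid[1]) else None,
            "distance": int(tok[-2]), "interface": tok[-1],
        })
    return routes

def suspicious_defaults(routes):
    """Active dynamic default routes that outrank a configured static default."""
    own = {r["pref_src"] for r in routes if r["pref_src"]}  # router's own IPs
    defaults = [r for r in routes if r["dst"] == "0.0.0.0/0"]
    static = [r["distance"] for r in defaults if "S" in r["flags"]]
    hits = []
    for r in defaults:
        dynamic_active = "D" in r["flags"] and "A" in r["flags"]
        if dynamic_active and static and r["distance"] < min(static):
            hits.append({**r, "gateway_is_own_address": r["gateway"] in own})
    return hits
```

Run against a saved copy of the route listing on a schedule, a non-empty result from `suspicious_defaults` is the condition described in the post and is worth alerting on.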