On Jan 26 15:10:03, ja...@jmp-e.com wrote:
>
> Hi all,
>
> My routing table is being modified by an unknown process.
>
> I have system accounting enabled and I'm monitoring route changes
> but the PID of the process reported by `route monitor` is always 0
> for these unknown changes.
>
> I've seen my default route (VPN) being deleted and new routes being
> added for specific IPs. I'm out of ideas how to find out what process
> is modifying my routing table.

If your default route is a VPN, please show
how you establish the VPN to be your default route.

> Here are the logs:
>
> bash-5.0# route -n show
> Routing tables
>
> Internet:
> Destination        Gateway            Flags   Refs  Use    Mtu     Prio Iface
> default            10.0.0.1           UGS     15    635    -       8    pair1
> 224/4              127.0.0.1          URS     0     0      32768   8    lo0
> 10.0.0/24          10.0.0.2           UCn     1     0      -       4    pair1
> 10.0.0.1           xx:xx:xx:xx:xx:xx  UHLch   20    76     -       3    pair1
> 10.0.0.2           xx:xx:xx:xx:xx:xx  UHLl    0     251    -       1    pair1
> 10.0.0.255         10.0.0.2           UHb     0     0      -       1    pair1
> 10.2.0.1           10.0.0.1           UGHD    1     599    - L     8    pair1
> 13.35.193.117      10.0.0.1           UGHD    1     616    - L     8    pair1
> 13.224.227.64      10.0.0.1           UGHD    1     611    - L     8    pair1
> 52.48.109.111      10.0.0.1           UGHD    1     614    - L     8    pair1
> 52.84.91.7         10.0.0.1           UGHD    1     574    - L     8    pair1
> 99.84.5.230        10.0.0.1           UGHD    1     620    - L     8    pair1
> 104.16.9.251       10.0.0.1           UGHD    0     289    1350    8    pair1
> 104.16.241.18      10.0.0.1           UGHD    1     610    - L     8    pair1
> 104.18.26.20       10.0.0.1           UGHD    1     609    - L     8    pair1
> 104.21.22.28       10.0.0.1           UGHD    1     617    - L     8    pair1
> 108.177.120.136    10.0.0.1           UGHD    1     625    - L     8    pair1
> 127/8              127.0.0.1          UGRS    0     0      32768   8    lo0
> 127.0.0.1          127.0.0.1          UHhl    8     7322   32768   1    lo0
> 140.82.121.3       10.0.0.1           UGHD    1     636    - L     8    pair1
> 142.250.186.129    10.0.0.1           UGHD    1     604    - L     8    pair1
> 157.230.120.63     10.0.0.1           UGHD    1     596    - L     8    pair1
> 172.67.203.118     10.0.0.1           UGHD    1     607    - L     8    pair1
> 172.217.169.86     10.0.0.1           UGHD    1     632    - L     8    pair1
> 185.199.111.154    10.0.0.1           UGHD    2     633    - L     8    pair1
> 216.58.206.132     10.0.0.1           UGHD    1     624    - L     8    pair1
> 216.58.212.227     10.0.0.1           UGHD    1     629    - L     8    pair1
> The routes for 216.58.212.227, 216.58.206.132, 185.199.111.154,
> 172.217.169.86, 172.67.203.118, 157.230.120.63, 142.250.186.129,
> 140.82.121.3, 108.177.120.136, 104.21.22.28, 104.18.26.20,
> 104.16.241.18, 104.16.9.251, 99.84.5.230, 52.48.109.111, 52.84.5.230,
> 13.224.227.64, 13.35.193.117 are completely unknown and not added by
> myself.

These are probably added by your VPN setup.

	Jan