On Jan 26 15:10:03, ja...@jmp-e.com wrote:
> 
> Hi all,
> 
>     My routing table is being modified by an unknown process.
> 
>     I have system accounting enabled and I'm monitoring route changes
>     but the PID of the process reported by `route monitor` is always 0
>     for these unknown changes.
> 
>     I've seen my default route (VPN) being deleted and new routes being
>     added for specific IPs. I'm out of ideas how to find out what process
>     is modifying my routing table.

If your default route is a VPN,
please show how you establish the VPN to be your default route.

>     Here are the logs:
> 
> bash-5.0# route -n show
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            10.0.0.1           UGS       15      635     -     8 pair1
> 224/4              127.0.0.1          URS        0        0 32768     8 lo0
> 10.0.0/24          10.0.0.2           UCn        1        0     -     4 pair1
> 10.0.0.1           xx:xx:xx:xx:xx:xx  UHLch     20       76     -     3 pair1
> 10.0.0.2           xx:xx:xx:xx:xx:xx  UHLl       0      251     -     1 pair1
> 10.0.0.255         10.0.0.2           UHb        0        0     -     1 pair1
> 10.2.0.1           10.0.0.1           UGHD       1      599     - L   8 pair1
> 13.35.193.117      10.0.0.1           UGHD       1      616     - L   8 pair1
> 13.224.227.64      10.0.0.1           UGHD       1      611     - L   8 pair1
> 52.48.109.111      10.0.0.1           UGHD       1      614     - L   8 pair1
> 52.84.91.7         10.0.0.1           UGHD       1      574     - L   8 pair1
> 99.84.5.230        10.0.0.1           UGHD       1      620     - L   8 pair1
> 104.16.9.251       10.0.0.1           UGHD       0      289  1350     8 pair1
> 104.16.241.18      10.0.0.1           UGHD       1      610     - L   8 pair1
> 104.18.26.20       10.0.0.1           UGHD       1      609     - L   8 pair1
> 104.21.22.28       10.0.0.1           UGHD       1      617     - L   8 pair1
> 108.177.120.136    10.0.0.1           UGHD       1      625     - L   8 pair1
> 127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
> 127.0.0.1          127.0.0.1          UHhl       8     7322 32768     1 lo0
> 140.82.121.3       10.0.0.1           UGHD       1      636     - L   8 pair1
> 142.250.186.129    10.0.0.1           UGHD       1      604     - L   8 pair1
> 157.230.120.63     10.0.0.1           UGHD       1      596     - L   8 pair1
> 172.67.203.118     10.0.0.1           UGHD       1      607     - L   8 pair1
> 172.217.169.86     10.0.0.1           UGHD       1      632     - L   8 pair1
> 185.199.111.154    10.0.0.1           UGHD       2      633     - L   8 pair1
> 216.58.206.132     10.0.0.1           UGHD       1      624     - L   8 pair1
> 216.58.212.227     10.0.0.1           UGHD       1      629     - L   8 pair1

> The routes for 216.58.212.227, 216.58.206.132, 185.199.111.154,
> 172.217.169.86, 172.67.203.118, 157.230.120.63, 142.250.186.129,
> 140.82.121.3, 108.177.120.136, 104.21.22.28, 104.18.26.20,
> 104.16.241.18, 104.16.9.251, 99.84.5.230, 52.48.109.111, 52.84.5.230,
> 13.224.227.64, 13.35.193.117 are completely unknown and not added by
> myself.

These are probably added by your VPN setup.

Jan
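An added example, not part of either message in this thread: a filter over the `route -n show` output quoted above that lists the entries carrying the `D` flag, which netstat(1) documents as a route created dynamically by a redirect, and counts them per gateway. The function names are hypothetical, and the sample rows are a subset copied from the quoted table.

```shell
#!/bin/sh
# Added example: pick out dynamically created routes from `route -n show` output.
# Only the first three columns are used (Destination, Gateway, Flags), because
# the trailing columns vary: some rows carry an extra "L" after the Mtu column.

# Read a routing table on stdin, print "<destination> via <gateway>" for
# every route whose Flags column contains D.
dynamic_routes() {
    awk '
        # Data rows have flags starting with U; header lines do not match.
        NF >= 7 && $3 ~ /^U/ && $3 ~ /D/ { print $1 " via " $2 }
    '
}

# Read a routing table on stdin, print "<gateway> <count>" for the D routes.
dynamic_summary() {
    dynamic_routes | awk '{ n[$3]++ } END { for (g in n) print g, n[g] }' | sort
}

# Sample input: a subset of the rows from the table quoted in this thread.
sample_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.0.1           UGS       15      635     -     8 pair1
10.0.0/24          10.0.0.2           UCn        1        0     -     4 pair1
10.2.0.1           10.0.0.1           UGHD       1      599     - L   8 pair1
13.35.193.117      10.0.0.1           UGHD       1      616     - L   8 pair1
104.16.9.251       10.0.0.1           UGHD       0      289  1350     8 pair1
127.0.0.1          127.0.0.1          UHhl       8     7322 32768     1 lo0
EOF
}

# Stand-alone run over the sample; on a live system use:
#   route -n show -inet | dynamic_routes
sample_table | dynamic_routes
sample_table | dynamic_summary
```
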
