Hi, I have diskless routers. On one of these I have a problem: the default gateway is changing.
The image is clean and updated. There is no route daemon, no SNMP, and dhclient isn't running. With research in cooperation with the Czech BSD mailing list I got the following things:

Ifconfig of this machine is:

ifconfig -a:

    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
            ether 00:25:90:a1:f5:a9
            inet 178.255.168.19 netmask 0xfffff800 broadcast 178.255.175.255
            inet6 fe80::225:90ff:fea1:f5a9%em0 prefixlen 64 scopeid 0x1
            inet6 2a02:768:0:4000::19 prefixlen 64
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
            ether 00:25:90:a1:f5:a8
            inet6 fe80::225:90ff:fea1:f5a8%em1 prefixlen 64 scopeid 0x3
            inet 10.1.11.1 netmask 0xfffffffc broadcast 10.1.11.3
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    vlan304: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=3<RXCSUM,TXCSUM>
            ether 00:25:90:a1:f5:a8
            inet 10.219.11.97 netmask 0xffffffe0 broadcast 10.219.11.127
            inet6 fe80::225:90ff:fea1:f5a8%vlan304 prefixlen 64 scopeid 0xb4
            inet 10.9.114.1 netmask 0xfffffffc broadcast 10.9.114.3
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            vlan: 304 parent interface: em1

After the attack it is not affected.

The IP of the machine is 178.255.168.19, the default route is 178.255.168.254.

netstat -nr|less

    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs        Use  Netif Expire
    default            178.255.168.254    UGS         0    8766645    em0

After the change it looks like this:

netstat -nr

    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs        Use  Netif Expire
    default            189.71.208.123     UGS         1 1184931064    em0

This is an example, the IP of the gateway is random.

route monitor tells (there is another IP, route monitor was run later, on another attack):

    got message of size 192 on Mon Dec 17 13:19:20 2012
    RTM_DELETE: Delete Route: len 192, pid: 21546, seq 1, errno 0, flags:<GATEWAY,DONE,STATIC>
    locks:  inits:
    sockaddrs: <DST,GATEWAY,NETMASK>
     default 175.139.119.60 default

Is it possible that an ICMP redirect can change the default route? No users other than me are logged in to the system.

Thank you
Radek
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
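
An added example, not part of the original post: a small parser for `route monitor` output in the layout quoted above. It reports every routing message whose destination is the default route, with its pid field (the sender of the routing message), so the pid can be checked against the process table when the change happens. The function names are hypothetical; the first sample message is the one from the post, the second is constructed.

```python
import re

# First message is the one quoted in the post; the second is constructed.
SAMPLE = """\
got message of size 192 on Mon Dec 17 13:19:20 2012
RTM_DELETE: Delete Route: len 192, pid: 21546, seq 1, errno 0, flags:<GATEWAY,DONE,STATIC>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK>
 default 175.139.119.60 default

got message of size 192 on Mon Dec 17 13:19:25 2012
RTM_ADD: Add Route: len 192, pid: 0, seq 0, errno 0, flags:<UP,GATEWAY,DONE>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK>
 10.9.114.0 10.1.11.2 255.255.255.252
"""

STAMP = re.compile(r"^got message of size \d+ on (.+)$")
HEADER = re.compile(r"^(RTM_\w+): .*?pid: (\d+), seq \d+, errno (\d+), flags:<([^>]*)>")
ADDRS = re.compile(r"^sockaddrs: <([^>]*)>")

def parse_messages(text):
    """Split route monitor output into one dict per routing message."""
    msgs, cur, names, want_addrs = [], None, [], False
    for line in text.splitlines():
        if m := STAMP.match(line):
            cur = {"time": m.group(1), "addrs": {}}
            msgs.append(cur)
        elif cur is None:
            continue  # ignore anything before the first message
        elif m := HEADER.match(line):
            cur.update(type=m.group(1), pid=int(m.group(2)),
                       errno=int(m.group(3)), flags=m.group(4).split(","))
        elif m := ADDRS.match(line):
            names, want_addrs = m.group(1).split(","), True
        elif want_addrs and line.strip():
            # The line after "sockaddrs:" lists the addresses in the same order.
            cur["addrs"] = dict(zip(names, line.split()))
            want_addrs = False
    return msgs

def default_route_events(text):
    """Return only the messages whose DST is printed as 'default'."""
    return [m for m in parse_messages(text) if m["addrs"].get("DST") == "default"]

if __name__ == "__main__":
    for ev in default_route_events(SAMPLE):
        print(f'{ev["time"]}  {ev["type"]}  gateway={ev["addrs"].get("GATEWAY")}'
              f'  pid={ev["pid"]}  flags={",".join(ev["flags"])}')
```
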