Has my route been manipulated?

  1. 12 months ago

    Has my "route" been manipulated, or does this appear to be a "stock" setup? This executable is within the sbin folder on my iMac under the title route, and I understand that it's a perfectly normal executable that's used to manipulate the routing tables and alter the network interface, but someone told me to get this checked out because there appeared to be some non-ASCII characters and debugging information that shouldn't be there. I understand that there are a lot of paranoid people out there looking at things that they know nothing about, but I have good reason to be concerned here. Can anyone shed some light on this version of "route"? I've compared it to others and can't find anything like it... Any comments would be greatly appreciated. I've been on the Apple forums and all they can tell me is that "it doesn't look right". I've copied only a portion of the executable below.

  2. Edited 12 months ago by h1994tesh

    I think you can get your answer from here:

    http://techknowledge9945.blogspot.com

  3. 10 months ago

    Forgive me but I could use a little more direction, the link you provided is a bit over my head. Would you be so kind as to offer a summary?
