Clogan75

Member

Last active 3 years ago

 1. 3 years ago
  Fri 12 Aug 2016 07:04:40 AM CEST
  Clogan75 posted in Has my route been manipulated?.

  Forgive me, but I could use a little more direction; the link you provided is a bit over my head. Would you be so kind as to offer a summary?

 2. Mon 04 Jul 2016 04:25:36 PM CEST
  Clogan75 started the conversation Has my route been manipulated?.

  Has my "route" been manipulated, or does this appear to be a "stock" setup? This executable is within the sbin folder on my iMac under the title route, and I understand that it's a perfectly normal executable that's used to manipulate the routing tables and alter the network interface, but someone told me to get this checked out because there appeared to be some non-ASCII characters and debugging information that shouldn't be there. I understand that there are a lot of paranoid people out there looking at things that they know nothing about, but I have good reason to be concerned here. Can anyone shed some light on this version of "route"? I've compared it to others and can't find anything like it... Any comments would be greatly appreciated. I've been on the Apple forums and all they can tell me is that "it doesn't look right". I've copied only a portion of the executable below.

 3. Mon 04 Jul 2016 03:55:56 PM CEST
  Clogan75 joined the forum.