rogue routing entry


David Beaven

We have a rogue routing entry in the active routes part of a routing table
for a dubious external IP address. We have seen other entries appear then
disappear. Server reboots don't clear the entry. We suspect a trojan.
Routing and remote access claims not to be installed or configured.
Can you suggest a way to trace how this route was added? Would netsh do it?
Any other advice appreciated.
Thanks
David
 
Are these routes Host routes? Could these routing entries be coming from ICMP
redirect? Please post an example of one of the bogus routes.


--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Do these appear in "Route Print"? This area is (apparently)
not completely integrated with RRAS static routes.

Does "route delete" remove it?
(I presume it then reappears, now or after reboot.)

What OS are you running?
Have you scanned the machine for malware and viruses
as you suspect these?
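
The triage questions asked in the replies above (is it a host route, is it in "Route Print", does it survive a reboot) can be answered from a saved `route print` capture. The following is an added example, not part of the original thread: the function names `parse_routes` and `triage` are hypothetical, and the sample table and all addresses in it are constructed.

```python
import ipaddress

HOST_MASK = "255.255.255.255"
# Constructed `route print` capture; every address is a placeholder.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     20
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1     20
    192.168.1.255  255.255.255.255     192.168.1.10    192.168.1.10     20
      203.0.113.7  255.255.255.255      192.168.1.1    192.168.1.10      1
     198.51.100.9  255.255.255.255    192.168.1.254    192.168.1.10      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      203.0.113.7  255.255.255.255      192.168.1.1       1
"""

def parse_routes(text):
    """Split the capture into active and persistent rows (metric dropped)."""
    active, persistent, section = [], [], None
    for line in text.splitlines():
        fields = line.split()
        if line.strip().startswith("Active Routes"):
            section = active
        elif line.strip().startswith("Persistent Routes"):
            section = persistent
        elif line.startswith("="):
            section = None
        elif section is not None and len(fields) == (5 if section is active else 4):
            try:  # keep only rows whose first two columns are IPv4 values
                [ipaddress.IPv4Address(f) for f in fields[:2]]
            except ValueError:
                continue  # column header or other non-route line
            section.append(tuple(fields[:-1]))
    return active, persistent

def triage(text):
    """Return (destination, gateway, kind) for host routes sent to a next hop.
    kind is "persistent" if the row is also stored for re-creation at boot,
    otherwise "volatile" (present only in the running table)."""
    active, persistent = parse_routes(text)
    local = {row[3] for row in active} | {"On-link"}  # this machine's own addresses
    saved = {row[:3] for row in persistent}
    findings = []
    for dest, mask, gateway, _iface in active:
        if mask == HOST_MASK and gateway not in local:
            kind = "persistent" if (dest, mask, gateway) in saved else "volatile"
            findings.append((dest, gateway, kind))
    return findings
```

Save the table with `route print > routes.txt` and pass the file's contents to `triage`. A "volatile" host route fits the ICMP redirect question; a "persistent" one matches an entry that survives reboots.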
 
