Unexpected change of default gateway
Radek Krejča
radek.krejca at starnet.cz
Mon Dec 17 07:06:51 CET 2012
Hi, so it didn't even take that long; it was actually changed right under my hands while I was digging the logs out of there, so within about five minutes. At that moment I really was the only one there, and mpd5 was not running.....
route monitor:
got message of size 192 on Mon Dec 17 06:39:30 2012
RTM_DELETE: Delete Route: len 192, pid: 18941, seq 1, errno 0, flags:<GATEWAY,DONE,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
default 189.71.208.123 default
So the IP addresses that get set vary, and the earlier connection with Microsoft really was a coincidence.
netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 189.71.208.123 UGS 1 1184931064 em0
The rest of the routes belong there.
ps -uax
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 11 396.2 0.0 0 64 ?? RL Sat01PM 8768:56.46 [idle]
root 0 2.7 0.0 0 192 ?? DLs Sat01PM 550:16.77 [kernel]
root 12 1.7 0.0 0 288 ?? WL Sat01PM 511:33.72 [intr]
root 1 0.0 0.0 6280 592 ?? SLs Sat01PM 0:00.86 /sbin/init --
root 2 0.0 0.0 0 16 ?? DL Sat01PM 0:00.01 [sctp_iterator]
root 3 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [xpt_thrd]
root 4 0.0 0.0 0 16 ?? DL Sat01PM 0:00.09 [pagedaemon]
root 5 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [vmdaemon]
root 6 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [pagezero]
root 7 0.0 0.0 0 16 ?? DL Sat01PM 0:00.42 [bufdaemon]
root 8 0.0 0.0 0 16 ?? DL Sat01PM 0:00.50 [vnlru]
root 9 0.0 0.0 0 16 ?? DL Sat01PM 0:02.01 [syncer]
root 10 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [audit]
root 13 0.0 0.0 0 48 ?? DL Sat01PM 0:00.10 [geom]
root 14 0.0 0.0 0 16 ?? DL Sat01PM 4:17.77 [yarrow]
root 15 0.0 0.0 0 128 ?? DL Sat01PM 0:06.16 [usb]
root 16 0.0 0.0 0 16 ?? DL Sat01PM 0:01.54 [acpi_thermal]
root 17 0.0 0.0 0 16 ?? DL Sat01PM 0:00.36 [acpi_cooling1]
root 18 0.0 0.0 0 16 ?? DL Sat01PM 0:00.93 [softdepflush]
root 33 0.0 0.0 0 16 ?? DL Sat01PM 0:00.04 [md0]
root 107 0.0 0.0 0 16 ?? DL Sat01PM 0:00.01 [md1]
root 112 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [md2]
root 117 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [md3]
root 122 0.0 0.0 0 16 ?? DL Sat01PM 0:00.02 [md4]
root 127 0.0 0.0 0 16 ?? DL Sat01PM 0:00.00 [md5]
root 139 0.0 0.0 0 16 ?? DL Sat01PM 0:00.06 [md6]
root 706 0.0 0.0 14364 1356 ?? Is Sat01PM 0:00.00 /usr/sbin/moused -p /dev/ums0 -t auto -I /var/run/moused.ums0.pid
root 735 0.0 0.1 10372 3468 ?? Ss Sat01PM 0:00.04 /sbin/devd
root 754 0.0 0.0 0 16 ?? DL Sat01PM 1:02.47 [pfpurge]
root 950 0.0 0.0 12184 1628 ?? Ss Sat01PM 0:31.27 /usr/sbin/syslogd -s
root 1075 0.0 0.0 0 64 ?? DL Sat01PM 0:00.00 [ng_queue]
root 1078 0.0 0.2 33532 7216 ?? S Sat01PM 4:10.53 /usr/local/sbin/snmpd -p /var/run/snmpd.pid -a
root 5209 0.0 0.4 35504 16676 ?? Ss Sat01PM 31:42.83 /usr/local/sbin/fprobe -iem1 -fvlan&&ip -B4096 -r2 -q10000 -t10000:10000000 -K18 nfsen.starnet.cz:23019
root 5331 0.0 0.1 46876 4420 ?? Ss Sat01PM 0:00.12 /usr/sbin/sshd
root 5338 0.0 0.1 20384 4320 ?? Ss Sat01PM 0:01.62 sendmail: accepting connections (sendmail)
smmsp 5342 0.0 0.1 20384 4068 ?? Is Sat01PM 0:00.02 sendmail: Queue runner na 00:30:00 for /var/spool/clientmqueue (sendmail)
root 5348 0.0 0.0 14260 1632 ?? Ss Sat01PM 0:00.39 /usr/sbin/cron -s
root 19025 0.0 0.1 68016 5276 ?? Is 6:45AM 0:00.02 sshd: darius [priv] (sshd)
darius 19027 0.0 0.1 68016 5324 ?? S 6:45AM 0:00.12 sshd: darius na pts/2 (sshd)
root 19108 0.0 0.0 0 16 ?? SL 6:58AM 0:00.00 [newnfs 0]
root 15904 0.0 0.1 41300 2156 v0 Is 10:19PM 0:00.01 login [pam] (login)
root 18914 0.0 0.1 17668 3240 v0 I 6:36AM 0:00.04 -csh (csh)
root 19009 0.0 0.0 3940 832 v0 I+ 6:45AM 0:00.00 route monitor
root 5416 0.0 0.0 12184 1320 v1 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv1
root 5417 0.0 0.0 12184 1320 v2 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv2
root 5418 0.0 0.0 12184 1320 v3 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv3
root 5419 0.0 0.0 12184 1320 v4 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv4
root 5420 0.0 0.0 12184 1320 v5 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv5
root 5421 0.0 0.0 12184 1320 v6 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv6
root 5422 0.0 0.0 12184 1320 v7 Is+ Sat01PM 0:00.00 /usr/libexec/getty Pc ttyv7
root 15936 0.0 0.0 10052 1356 0- I 10:20PM 2:08.07 route monitor
darius 19028 0.0 0.1 17668 2912 2 Is 6:45AM 0:00.01 -csh (csh)
root 19031 0.0 0.1 41304 2124 2 I 6:45AM 0:00.00 su -l
root 19032 0.0 0.1 17668 3540 2 S 6:45AM 0:00.03 -su (csh)
root 19109 0.0 0.0 14328 1400 2 R+ 6:58AM 0:00.00 ps -uax
ifconfig -a:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:a1:f5:a9
inet 178.255.168.19 netmask 0xfffff800 broadcast 178.255.175.255
inet6 fe80::225:90ff:fea1:f5a9%em0 prefixlen 64 scopeid 0x1
inet6 2a02:768:0:4000::19 prefixlen 64
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether 00:25:90:a1:f5:a8
inet6 fe80::225:90ff:fea1:f5a8%em1 prefixlen 64 scopeid 0x3
inet 10.1.11.1 netmask 0xfffffffc broadcast 10.1.11.3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan304: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:25:90:a1:f5:a8
inet 10.219.11.97 netmask 0xffffffe0 broadcast 10.219.11.127
inet6 fe80::225:90ff:fea1:f5a8%vlan304 prefixlen 64 scopeid 0xb4
inet 10.9.114.1 netmask 0xfffffffc broadcast 10.9.114.3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
vlan: 304 parent interface: em1
No matter how hard I look, I simply don't see any suspicious process there, and nobody was logged in....
Radek
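
Added example, not part of the original post: a parser for `route monitor` output that keeps only messages touching the default route, records the pid the kernel attributes the change to, and flags gateways that are not on any directly connected subnet. The function names, the second sample message and the `ps_pids` snapshot parameter are assumptions made for this example.

```python
import ipaddress
import re

# Interface addresses from the post's ifconfig output (0xfffff800 is /21, 0xffffffe0 is /27).
CONNECTED = [ipaddress.ip_interface(a).network for a in
             ("178.255.168.19/21", "10.1.11.1/30", "10.219.11.97/27", "10.9.114.1/30")]
# First message: as quoted in the post. Second: constructed (gateway and pid are made up).
SAMPLE = """\
got message of size 192 on Mon Dec 17 06:39:30 2012
RTM_DELETE: Delete Route: len 192, pid: 18941, seq 1, errno 0, flags:<GATEWAY,DONE,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
 default 189.71.208.123 default
got message of size 192 on Mon Dec 17 06:40:00 2012
RTM_ADD: Add Route: len 192, pid: 4242, seq 1, errno 0, flags:<UP,GATEWAY,DONE,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
 default 178.255.168.1 default
"""
HEADER = re.compile(r"got message of size \d+ on (.+)")
RTM = re.compile(r"(RTM_\w+): .*pid: (\d+),.*flags:<([^>]*)>")
ADDRS = re.compile(r"sockaddrs: <([^>]*)>")

def parse_route_monitor(text):
    """Return one dict per routing-socket message printed by `route monitor`."""
    events, names, cur = [], None, {}
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"when": m[1], "addrs": {}}
            events.append(cur)
        elif m := RTM.match(line):
            cur.update(type=m[1], pid=int(m[2]), flags=m[3].split(","))
        elif m := ADDRS.match(line):
            names = m[1].split(",")
        elif names:  # the line after "sockaddrs:" carries one value per listed name
            cur["addrs"], names = dict(zip(names, line.split())), None
    return events

def on_link(gw):
    try:
        return any(ipaddress.ip_address(gw) in n for n in CONNECTED)
    except ValueError:  # non-numeric gateway such as "link#1"
        return False

def default_route_events(events, ps_pids=frozenset()):
    """Keep messages for the default route; note off-link gateways and unknown pids."""
    return [{"when": e["when"], "type": e.get("type"), "pid": e.get("pid"),
             "gateway": e["addrs"]["GATEWAY"], "on_link": on_link(e["addrs"]["GATEWAY"]),
             "pid_in_ps": e.get("pid") in ps_pids}
            for e in events if e["addrs"].get("DST") == "default" and "GATEWAY" in e["addrs"]]
```

Feeding it the live output of `route -n monitor` keeps the gateways numeric; a pid that no longer appears in a later `ps` snapshot points to a short-lived process, which process accounting can name after the fact.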