LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-16-2016, 05:01 AM   #1
Clogan75
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Rep: Reputation: Disabled
Is a black hole standard route code?


I found text (binaries I believe), within the executable titled "route" located in my iMacs sbin folder. It's a perfectly normal folder to have but its the contents that I question, it appears to be an attempt to rewrite my routing tables, can anyone help me confirm that this has been manually manipulated and is not "stock"? Here's what I found mixed in with a bunch of code, any comments would be greatly appreciated;

addblackholechangecloningdeletedstexpireflushgatewaygenmaskgethosthopcountifaceinterfaceifaifpinetin et6isolinkllinfolocklockrestmaskmonitormtunetnetmasknostaticosiprefixlenproto1proto2recvpiperejectrt trttvarsasendpipessthreshstaticx25xnsxresolveifscopebad keyword: %susage: route [-dnqtv] command [[modifiers] args]
nqdtv/dev/nullsocketmust be root to alter routing tableroute-sysctl-estimatemalloc failedroute-sysctl-getwrite to routing socketgot only %d for rlen
%-20.20s default%u.%u.%u.%uinvalid(%d) %x%u%u.%u%u.%u.%uaf %d:bad interface nameinvalid mask: %s%s %s %s: gateway %s (%s): %s
getifaddrsinternal error%s: %s
bad address: %sprefixlen not supported in this af
%s: bad value
actual retrieval of interface table
got message of size %d on %suwriting to routing socket: %sread from routing socketRTM_ADD: Add RouteRTM_DELETE: Delete RouteRTM_CHANGE: Change Metrics or flagsRTM_GET: Report MetricsRTM_LOSING: Kernel Suspects PartitioningRTM_REDIRECT: Told to use different routeRTM_MISS: Lookup failed on this addressRTM_LOCK: fix specified metricsRTM_OLDADD: caused by SIOCADDRTRTM_OLDDEL: caused by SIOCDELRTRTM_RESOLVE: Route created by cloningRTM_NEWADDR: address being added to ifaceRTM_DELADDR: address being removed from ifaceRTM_IFINFO: iface status changeRTM_NEWMADDR: new multicast group membership on ifaceRTM_DELMADDR: multicast group membership removed from ifacerouting message version %d not understood
%s: len %d, if# %d, flags:metric %d, flagsid: %ld, seq %d, errno %d, ifscope %d, ifref, flags: route to: %s
routing message version %d not understoodmessage length mismatch, in packet %d, returned %dmessage indicates error %ddestination: %s
mask: %s
gateway: %s
interface: %.*s
flags:
%s
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire%8u%c %8d%c
sockaddrs:
locks: inits:
sockaddrs: %s%s: link %s; %s: inet %s; 064128not in tableentry in userouting table overflowdoneExamining routing table from sysctl00Xa
HH3HTG,!
"#%(G)*≈*+\+!44∞4∫44444445
555(525<5F5P5Z5d5n5x5555555555555˙5666"6,666@6J6T6^6h6r6|666666∏666666677777$ 7(7/757 =7
E7
I7N7
W7]7g7k7o7t7z7~77777777≠7777 7!7"⁄7#7$7%7&ı7'7(8)
8*8+8,8-"8.(?y:::::
;4;\;|;;;;<:<Z<< pksentrttvarrttssthreshsendpiperecvpipeexpirehopcountmtuUPGATEWAYHOSTREJECTDYNAMICMODIFIEDDONEDELCLO NE CLONING
XRESOLVE
LLINFOSTATIC
BLACKHOLEb016PROTO2PROTO1PRCLONINGWASCLONEDPROTO3b024PINNEDLOCALBROADCASTMULTICASTIFSCOPECONDEMNEDIF REFPROXYROUTERUPBROADCASTDEBUGLOOPBACKPTPb6RUNNINGNOARP PPROMISC
ALLMULTI
OACTIVESIMPLEX
LINK0LINK1LINK2MULTICASTDSTGATEWAYNETMASKGENMASKIFPIFAAUTHORBRD"0`=A-p(`@___stack_chk_guardQr@___stderrp@___stdoutp@_optind@dyld_stub_binderĖˇˇˇˇˇˇˇˇr0@___bzeror8 @___errorr@@___memcpy_chkrH@___memmove_chkrP@___snprintf_chkrX@___stack_chk_failr`@___strlcpy_c hkrh@_atoirp@_bcopyrx@_ctimer@_errr@_errxr@_exitr@_fflushr@_fprintfr@_freeaddrinfor∞ @_freeifaddrsr∏@_fwriter@_gai_strerrorr@_getaddrinfor@_geteuidr@_gethostbyaddrr@_gethostb ynamer@_gethostnamer@_getifaddrsr@_getnameinfor@_getnetbyaddrr@_getnetbynamer@_getoptr @_getpidr@_if_nametoindexr@_indexr∞@_inet_addrr∏@_inet_lnaofr@_inet_networkr@_inet_ntoar @_link_addrr@_link_ntoar@_mallocr@_memcpyr@_memsetr@_openr@_printfr@_putcr@_putchar r@_putsr@_readr@_setuidr∞@_shutdownr∏@_socketr@_strchrr@_strcmpr@_strerrorr@_strlenr @_strncpyr@_strtoulr@_sysctlr@_timer@_warnr@_warnxr@_write__mh_execute_header
G˚˙≤Ԝl;\˙fi<BEa!*8GWi|Ƶ∫∆◊˙-<IUbp~∞*˚ (.4<FNV^hpy

!"#$%&'()*+,-.0123456789:;<=>?@ABC@
/

!"#$%&'()*+,-.0123456789:;<=>?@AB__mh_execute_header___bzero___error___memcpy_chk___memmove_chk___snprintf_chk___ stack_chk_fail___stack_chk_guard___stderrp___stdoutp___strlcpy_chk_atoi_bcopy_ctime_err_errx_exit_ff lush_fprintf_freeaddrinfo_freeifaddrs_fwrite_gai_strerror_getaddrinfo_geteuid_gethostbyaddr_gethostb yname_gethostname_getifaddrs_getnameinfo_getnetbyaddr_getnetbyname_getopt_getpid_if_nametoindex_inde x_inet_addr_inet_lnaof_inet_network_inet_ntoa_link_addr_link_ntoa_malloc_memcpy_memset_open_optind_p rintf_putc_putchar_puts_read_setuid_shutdown_socket_strchr_strcmp_strerror_strlen_strncpy_strtoul_sy sctl_time_warn_warnx_writedyld_stub_binderradr://5614542˙fiM$D˙fih0]com.apple.route
 
Old 06-16-2016, 06:31 AM   #2
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 865

Rep: Reputation: 264Reputation: 264Reputation: 264
Yes it is an old term

https://en.wikipedia.org/wiki/Black_hole_(networking)
 
Old 06-16-2016, 08:01 AM   #3
Clogan75
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks, I understNd that a black hole is an option within route, my question is about why it appears in my route folder when I didn't put it there. I've compared this to other route executables and haven't seen anything like this anywhere, no mention of black holes at all. Correct me if I'm wrong but I think this has been added by someone other than Apple or Best Buy where I bought the computer...?
 
Old 06-16-2016, 08:32 AM   #4
JockVSJock
Senior Member
 
Registered: Jan 2004
Location: SATX
Distribution: RHEL/CentOS
Posts: 1,166
Blog Entries: 4

Rep: Reputation: 131Reputation: 131
Use code tags to make what you post easier to read...

Code:
use me
 
Old 06-16-2016, 11:52 AM   #5
Clogan75
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Sorry for being so naive but how do I do that? The only UPS I'm familiar with is the power source.

Last edited by Clogan75; 06-16-2016 at 12:11 PM.
 
Old 06-17-2016, 08:13 AM   #6
wildwizard
Member
 
Registered: Apr 2009
Location: Oz
Distribution: slackware64-14.0
Posts: 865

Rep: Reputation: 264Reputation: 264Reputation: 264
Why do you think this shouldn't be a part of the route executable

The closest source code you'll find to Apple's version is from BSD

https://svnweb.freebsd.org/base/rele...260789&view=co

BLACKHOLE appears 3 times
 
Old 06-17-2016, 09:06 AM   #7
Clogan75
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thank you so much for this link, it's the best description of route that I've yet seen. Compared to what you posted, my version is much more specific, I'll call it "tailored", When the add or del options are used, route modifies the routing tables which is what appears to have happened here. Does it not appear to have been manually changed? Without these options, route displays the current contents of the routing table but on this computer, when I try to use the "route" command in terminal nothing happens... From what I understand that could mean that route is corrupted.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Black hole attack help ramamohanreddypilli Linux - Newbie 13 09-20-2016 07:05 AM
sir i want completly black hole code in aodv routing protocol anujaulakh Linux - Wireless Networking 2 05-16-2015 07:09 PM
ns2 black hole attack code runing problem shan@559 Linux - Newbie 3 04-08-2015 11:08 AM
error while executing black hole chenil Linux - Newbie 1 01-23-2014 07:16 PM
LXer: wine patches the black hole of code? LXer Syndicated Linux News 0 07-27-2009 12:10 PM


All times are GMT -5. The time now is 02:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration