Uncommon Routing Table Listing via route.exe

The Uncommon Routing Rable Listing via route.exe alert indicates that the route.exe command was used to display or modify the local IP address routing table.


10 minutes.
3 days.
14 days.
10 minutes.
Traps endpoint data.


The route.exe command is used to display and modify entries in the local IP address routing table. The IP routing table determines the local network traffic path.

Attacker's Goals

Attackers can attempt to use the command to discover remote systems they could compromise.

Related Documentation