FOLLOWUP:
Looks like that MAC is our Sonicwall firewall and the packets are coming in
from upstream on a shared VLAN but not a shared subnet (not sure how this
is happening).
Our sonicwall shows one virus hit on one of the new 10.1.2.0
addresses (upstream subnet) seen today.
Thanks for all the res
On Fri, Jul 8, 2022 at 9:22 AM JoeSox wrote:
> And it shows an unrecognized MAC address. This virtual machine is in a
> Nutanix environment.
> I am trying to figure this out without bringing in paid outside help. Thanks
> in advance for any responses.
> c2:ea:e4:c5:57:e6
> is the MAC in question
The vendor code C0-EA-E4 looks like Sonicwall.
It’s not unusual for a device to take a global address on the device and
flip the local bit for some other use.
On Fri, Jul 8, 2022 at 10:13 AM Saku Ytti wrote:
> Technically the rightmost is multicast bit, the 2nd rightmost is locally
> assig
Technically the rightmost is multicast bit, the 2nd rightmost is locally
assigned, it doesn't imply randomisation, it is unknowable how it was
assigned.
On Fri, 8 Jul 2022 at 20:07, Brandon Svec via NANOG wrote:
> I think that is a randomized address. Look at the second character in a
> MAC ad
I think that is a randomized address. Look at the second character in a MAC
address, if it is a 2, 6, A, or E it is a randomized address. Per
https://www.mist.com/get-to-know-mac-address-randomization-in-2020/
*Brandon Svec*
On Fri, Jul 8, 2022 at 9:24 AM JoeSox wrote:
> Hello,
>
> I have som
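
The bit tests discussed in the replies above, as an added example that is not part of any poster's message: it decodes the multicast and locally-assigned bits of the first octet and clears the local bit to get the prefix worth checking against a vendor registry. The function names are illustrative, and a set local bit says nothing about how the address was chosen.

```python
import re


def parse_mac(text):
    """Return the 6 octets of a MAC written as aa:bb:.., aa-bb-.. or aabb.ccdd.eeff.

    Separators are stripped without checking their positions.
    """
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def fmt(octets):
    return "-".join(f"{b:02X}" for b in octets)


def describe_mac(text):
    octets = parse_mac(text)
    first = octets[0]
    multicast = bool(first & 0x01)  # rightmost bit of the first octet
    local = bool(first & 0x02)      # second rightmost bit: locally assigned
    # Same first three octets with the locally-assigned bit cleared.
    base = bytes([first & 0xFD]) + octets[1:3]
    return {
        "mac": ":".join(f"{b:02x}" for b in octets),
        "multicast": multicast,
        "locally_assigned": local,
        # The "second character is 2, 6, A or E" shortcut from the thread.
        "second_char_rule": f"{first:02X}"[1] in "26AE",
        "prefix_as_seen": fmt(octets[:3]),
        "prefix_local_bit_cleared": fmt(base),
    }


def shortcut_equals_bit_test():
    """True if the 2/6/A/E shortcut equals 'local bit set, multicast bit clear'
    for every possible first octet."""
    return all(
        (f"{v:02X}"[1] in "26AE") == (bool(v & 0x02) and not v & 0x01)
        for v in range(256)
    )


if __name__ == "__main__":
    # First address is the one quoted in the thread; the second is a
    # well-known multicast MAC used here as a sample input.
    for sample in ("c2:ea:e4:c5:57:e6", "01-00-5E-00-00-FB"):
        print(describe_mac(sample))
    print("shortcut matches bit test:", shortcut_equals_bit_test())
```

The 2/6/A/E shortcut only covers unicast addresses; a first octet ending in 3, 7, B or F also has the local bit set but is a multicast address.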
Fri, Jul 08, 2022 at 12:43:49PM -0400, Christopher Morrow:
> mac addresses can be lies... and they can repeat... joy!
>
eg;
https://www.extremenetworks.com/extreme-networks-blog/wi-fi-mac-randomization-privacy-and-collateral-damage/
> On Fri, Jul 8, 2022 at 12:22 PM JoeSox wrote:
>
> > Hello,
mac addresses can be lies... and they can repeat... joy!
On Fri, Jul 8, 2022 at 12:22 PM JoeSox wrote:
> Hello,
>
> I have something I have never seen before and was wondering if anyone in
> the community has seen something like this?
>
> So some active directory accounts are getting locked int
Hello,
I have something I have never seen before and was wondering if anyone in
the community has seen something like this?
So some active directory accounts are getting locked intermittently and I
had to do some sniffing and I have an IP address showing up in a non-used
subnet 10.1.2.x
And it sh