Mystery MAC address
heas at shrubbery.net
Fri Jul 8 16:46:00 UTC 2022
Fri, Jul 08, 2022 at 12:43:49PM -0400, Christopher Morrow:
> mac addresses can be lies... and they can repeat... joy!
> On Fri, Jul 8, 2022 at 12:22 PM JoeSox <joesox at gmail.com> wrote:
> > Hello,
> > I have something I have never seen before and was wondering if anyone in
> > the community has seen something like this?
> > So some active directory accounts are getting locked intermittently and I
> > had to do some sniffing and I have an IP address showing up in a non-used
> > subnet 10.1.2.x
> > And it shows an unrecognized MAC address. This virtual machine is in a
> > Nutanix environment.
> > I am trying to figure this out without bringing in paid outside help.
> > Thanks in advance for any responses.
> > c2:ea:e4:c5:57:e6
> > is the MAC in question. I don't fully understand this request. 10.1.2.18
> > is the mystery ip that doesn't ping, 10.1.3.9 is the DC.
> > AD Audit provides nonexistent machines making the requests and even blank.
> > "User account 'Administrator' was locked from computer ''."
> > [image: image.png]
> > --
> > Thank You,
> > Joe
More information about the NANOG