Mystery MAC address
cjc+nanog at pumpky.net
Fri Jul 8 18:14:41 UTC 2022
The vendor code C0-EA-E4 looks like Sonicwall.
It’s not going unusual for a device take a global address on the device and
flip the local bit for some other use.
On Fri, Jul 8, 2022 at 10:13 AM Saku Ytti <saku at ytti.fi> wrote:
> Technically the right most is multicast bit, the 2nd right most is locally
> assigned, it doesn't imply randomisation, it is unknowable how it was
> On Fri, 8 Jul 2022 at 20:07, Brandon Svec via NANOG <nanog at nanog.org>
>> I think that is a randomized address. Look at the second character in a
>> MAC address, if it is a 2, 6, A, or E it is a randomized address. Per
>> *Brandon Svec*
>> On Fri, Jul 8, 2022 at 9:24 AM JoeSox <joesox at gmail.com> wrote:
>>> I have something I have never seen before and was wondering if anyone in
>>> the community has seen something like this?
>>> So some active directory accounts are getting locked intermittently and
>>> I had to do some sniffing and I have an IP address showing up in a non-used
>>> subnet 10.1.2.x
>>> And it shows an unrecognized MAC address. This virtual machine is in a
>>> Nutanix environment.
>>> I am trying to figure this out without bringing in paid outside help.
>>> Thanks in advance for any responses.
>>> is the MAC in question. I don't fully understand this request. 10.1.2.18
>>> is the mystery ip that doesn't ping, 10.1.3.9 is the DC.
>>> AD Audit provides nonexistent machines making the requests and even
>>> "User account 'Administrator' was locked from computer ''."
>>> [image: image.png]
>>> Thank You,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG