Full Disclosure mailing list archives

Re: Strange ldap Behavior.


From: Aaron Gee-Clough <lists () g-clef net>
Date: Wed, 19 May 2004 09:10:19 -0400

stephane nasdrovisky wrote:
Soderland, Craig wrote:

      ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense


This MAC looks familiar to me, isn't it the MAC address used by VRRP ID 1? Isn't your default gateway a Nokia firewall (or was, in which case you should reconfigure some device in order to remove any/many static ARP entries (i.e. Cisco routers can't learn these MACs, that's why you may have/had to add static ARP on some devices)) or any other VRRP device?


Yes, it is a VRRP address. The RFC for VRRP (at http://www.faqs.org/rfcs/rfc2338.html ) says:

The virtual router MAC address associated with a virtual router is an
   IEEE 802 MAC Address in the following format:

      00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)

   The first three octets are derived from the IANA's OUI.  The next two
   octets (00-01) indicate the address block assigned to the VRRP
   protocol.  {VRID} is the VRRP Virtual Router Identifier.  This
   mapping provides for up to 255 VRRP routers on a network.


This is a VRRP MAC address. Whether it's a Nokia or other VRRP-speaker we don't know.

Aaron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
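
The mapping quoted from RFC 2338 in the message above can be checked mechanically when triaging a capture. The following is an added example, not part of the original thread: the function names are hypothetical, the first sample line is the snoop output quoted in the thread, and the second is constructed. It also accepts hyphenated and Cisco dotted notation, which goes beyond the single form shown in the thread.

```python
import re

# Prefix from the RFC 2338 text quoted in the thread: 00-00-5E-00-01-{VRID}
VRRP_PREFIX = bytes.fromhex("00005e0001")

# Matches the "ETHER:" lines of snoop verbose output as quoted in the thread.
ETHER_RE = re.compile(r"ETHER:\s+(Destination|Source)\s*=\s*([0-9A-Fa-f:]+)")

# First line is from the thread; the second is constructed for this example.
SAMPLE = """\
      ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense
      ETHER:  Source      = 2:0:0:12:34:56,
"""

def parse_mac(text):
    """Return the 6 raw octets of a MAC in colon, hyphen or Cisco dotted form."""
    text = text.strip().lower()
    if re.fullmatch(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}", text):
        return bytes.fromhex(text.replace(".", ""))
    parts = re.split(r"[:-]", text)
    # snoop prints octets without zero padding (0:0:5e:0:1:1), so allow 1-2 digits
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def vrrp_vrid(mac):
    """Return the VRID if mac is a VRRP virtual router MAC, else None."""
    raw = parse_mac(mac)
    if raw[:5] != VRRP_PREFIX:
        return None
    # RFC 2338 configures VRIDs in the range 1-255, so a last octet of 0 is not one.
    return raw[5] or None

def scan_snoop(text):
    """Return (field, mac_as_printed, vrid) for every VRRP MAC in snoop ETHER lines."""
    findings = []
    for line in text.splitlines():
        m = ETHER_RE.search(line)
        if m:
            vrid = vrrp_vrid(m.group(2))
            if vrid is not None:
                findings.append((m.group(1), m.group(2), vrid))
    return findings

if __name__ == "__main__":
    for field, mac, vrid in scan_snoop(SAMPLE):
        print(f"{field} {mac}: VRRP virtual router MAC, VRID {vrid}")
```

The vendor string a capture tool prints next to the address comes from its own OUI table; the classification here relies only on the five-octet prefix given in the RFC text.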

