nanog mailing list archives

ICMP Redirects from residential customer subnets?


From: ML <ml () kenweb org>
Date: Wed, 09 May 2012 10:19:24 -0400

Last night I was troubleshooting a strange issue where Apple products (so far just MacOS and AirPorts) were losing internet connectivity sporadically.

Originally I thought it was an IPv6 transition technology causing the problem but the customer couldn't even ping their default GW via v4.

To rule out the customer mistyping/giving us wrong information on what they were seeing I attempted to verify IP connectivity from my DHCP server to them. I pinged the IP they had retrieved via DHCP earlier.

What I got back were ICMP redirects interspersed with echo replies from the customer I was pinging. The redirects were of the form:

"Redirect Host(New nexthop: x.y.z.23)" The nexthop being an IP of the customer I was troubleshooting. Thinking that was very odd, I set up an ACL on the vlan serving that subnet to log ICMP redirects. What I found was one IP x.y.z.56 sending redirects to IPs on my network as well as several IPs outside my network. As far as I know there is no legitimate reason for a residential PC or home gateway to send ICMP redirects. There were also a few dozen other IPs on that subnet sending ICMP redirects. A majority of them had 68:7f:74 (Cisco-Linksys) OUIs. There were also some Belkin and one ASUSTeK OUI.

The 68:7f:74 source MACs were dispersed amongst many customers, not all from the same customer, which leads me to believe there is either a bugged Linksys firmware or an exploited Linksys home gateway causing trouble.

Has anyone ever seen something like this before?

Is there any reason to see ICMP redirects on a single-homed residential subnet? I'm considering adding ICMP redirects to my customer edge ACL unless there is a legitimate purpose for these packets.


Thanks
-ML
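The detection the poster did with a logging ACL can be reproduced offline on captured frames. The following is an added example, not code from the original post or from any vendor: it parses an Ethernet/IPv4/ICMP frame, verifies the ICMP checksum, pulls out the redirect code, the advertised new gateway and the embedded original destination, and flags a redirect as suspicious when it does not come from the subnet's default gateway or advertises a gateway outside the connected subnet (the two conditions RFC 1122 tells a host to require before honouring a redirect). The sample frames, the 192.0.2.0/24 documentation prefix standing in for the poster's x.y.z subnet, the MAC addresses and the one-entry OUI table are all constructed for the example.

```python
"""Flag ICMP redirects on a single-homed access VLAN.

Added illustration, not from the original post. On a single-homed residential
subnet the only legitimate source of ICMP redirects (ICMP type 5) is the
subnet's default gateway, so any redirect sourced from a customer address is
reported. All addresses and frames below are constructed test data.
"""
import struct
from ipaddress import IPv4Address, IPv4Network

ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "net", 1: "host", 2: "tos+net", 3: "tos+host"}

# Assumed OUI table; the vendor name is the one the poster associates with 68:7f:74.
OUI_VENDORS = {"68:7f:74": "Cisco-Linksys"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a packet with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_redirect_frame(src_mac, src_ip, dst_ip, new_gw, orig_dst, code=1):
    """Construct an Ethernet/IPv4/ICMP redirect frame (constructed test input only)."""
    # Embedded datagram: IP header of the packet that "triggered" the redirect,
    # i.e. sent by dst_ip towards orig_dst, plus the first 8 bytes of its payload.
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                           IPv4Address(dst_ip).packed, IPv4Address(orig_dst).packed)
    inner = inner_ip + b"\x08\x00\x00\x00\x00\x01\x00\x01"
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, code, 0, IPv4Address(new_gw).packed) + inner
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip_hdr + icmp


def parse_redirect(frame: bytes):
    """Return a dict describing an ICMP redirect, or None if the frame is not a valid one."""
    if len(frame) < 14 + 20 + 8 + 20 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 1:                      # not ICMP
        return None
    icmp = frame[14 + ihl:14 + total_len]
    if len(icmp) < 28 or icmp[0] != ICMP_REDIRECT:
        return None
    if inet_checksum(icmp) != 0:        # corrupt or forged checksum
        return None
    inner = icmp[8:]
    return {
        "src_mac": ":".join("%02x" % b for b in frame[6:12]),
        "src_ip": str(IPv4Address(ip[12:16])),
        "dst_ip": str(IPv4Address(ip[16:20])),
        "code": REDIRECT_CODES.get(icmp[1], "unknown(%d)" % icmp[1]),
        "new_gateway": str(IPv4Address(icmp[4:8])),
        "orig_dst": str(IPv4Address(inner[16:20])),
    }


def classify(frame: bytes, gateway_ip: str, subnet: str):
    """Apply the single-homed-subnet policy: only the gateway may send redirects."""
    info = parse_redirect(frame)
    if info is None:
        return None
    net = IPv4Network(subnet)
    reasons = []
    if IPv4Address(info["src_ip"]) != IPv4Address(gateway_ip):
        reasons.append("redirect not sourced from default gateway")
    if IPv4Address(info["new_gateway"]) not in net:
        reasons.append("advertised gateway is off-subnet")
    info["vendor"] = OUI_VENDORS.get(info["src_mac"][:8], "unknown")
    info["reasons"] = reasons
    info["suspicious"] = bool(reasons)
    return info


if __name__ == "__main__":
    # Constructed: a customer CPE with a Cisco-Linksys OUI redirecting an off-net host
    # (the poster's DHCP server) to another customer on the same subnet.
    frame = build_redirect_frame("68:7f:74:aa:bb:cc", "192.0.2.56", "203.0.113.5",
                                 "192.0.2.23", "198.51.100.10")
    print(classify(frame, "192.0.2.1", "192.0.2.0/24"))
```

To feed real traffic through this, read frames from a pcap of the access VLAN and call `classify` on each one; a `suspicious` result whose `src_mac` shares an OUI across many different customers is the pattern described in the post. On the filtering side, the poster's plan maps onto an inbound customer-edge ACL entry such as `deny icmp any any redirect` on Cisco IOS (other platforms have an equivalent ICMP-type match), combined with `no ip redirects` on the customer-facing interface so the router itself stops emitting them; the exact syntax is an assumption to check against the platform in use.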
