Re: Mac addresses

["Di Fabio, Andrea" <adifabio () NSU EDU>]

I would start with finding what switchport they are coming from and then pay
a visit to that machine if it is just one machine or one switchport.  Could
be a CAM flood attach or a bad NIC or hub attached to the port.  Did you
take a packet capture to see what's on layer 3-7?


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter Charbonneau
Sent: Tuesday, September 09, 2008 9:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Mac addresses

I am seeing "sequential" MAC addresses on my network in the form of:

02-00-00-00-00-01
02-00-00-00-00-02
02-00-00-00-00-03
02-00-00-00-00-04
02-00-00-00-00-05
02-00-00-00-00-06
02-00-00-00-00-07
02-00-00-00-00-08
02-00-00-00-00-09
02-00-00-00-00-10
02-00-00-00-00-11
02-00-00-00-00-12
02-00-00-00-00-13
02-00-00-00-00-14
02-00-00-00-00-15
02-00-00-00-00-16
02-00-00-00-00-17
02-00-00-00-00-18
02-00-00-00-00-19
02-00-00-00-00-20

These are only a few ... I have about 100 of them.  They only exist in
my "BlachHole" VLAN -- no connectivity to anything else, no routers no
nothing.

I can't find any documentation on what these MAC addresses are.  I am
guessing that they are some sort of LLDP MAC address, but it seems
weird that I don't get any search engine hits about them.

This is not one machine spewing out multiple bogus addresses, but many
machines .... one to one?  Not sure.

Ideas?


PeteC


Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (office)
(413) 822-2922 (cell)

Attachment: smime.p7s
Description: