Educause Security Discussion mailing list archives
Re: Mac addresses
From: Brian Kaye <bdk () UNB CA>
Date: Tue, 9 Sep 2008 12:15:52 -0300
There is a script I found called maidwts.pl (mac addresses I don't want to see) available somewhere which helps look for invalid mac addresses. Basically it uses a list of valid OUIs and picks out ones with invalid ones. This might help a little in case there are other less obvious forgeries. .....Brian Kaye .....UNB On Tue, 9 Sep 2008, Peter Charbonneau wrote:
Date: Tue, 9 Sep 2008 09:50:03 -0400 From: Peter Charbonneau <Peter.Charbonneau () WILLIAMS EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Mac addresses I am seeing "sequential" MAC addresses on my network in the form of: 02-00-00-00-00-01 02-00-00-00-00-02 02-00-00-00-00-03 02-00-00-00-00-04 02-00-00-00-00-05 02-00-00-00-00-06 02-00-00-00-00-07 02-00-00-00-00-08 02-00-00-00-00-09 02-00-00-00-00-10 02-00-00-00-00-11 02-00-00-00-00-12 02-00-00-00-00-13 02-00-00-00-00-14 02-00-00-00-00-15 02-00-00-00-00-16 02-00-00-00-00-17 02-00-00-00-00-18 02-00-00-00-00-19 02-00-00-00-00-20 These are only a few ... I have about 100 of them. They only exist in my "BlachHole" VLAN -- no connectivity to anything else, no routers no nothing. I can't find any documentation on what these MAC addresses are. I am guessing that they are some sort of LLDP MAC address, but it seems weird that I don't get any search engine hits about them. This is not one machine spewing out multiple bogus addresses, but many machines .... one to one? Not sure. Ideas? PeteC Peter Charbonneau Sr. Network and Systems Administrator Williams College (413) 597-3408 (office) (413) 822-2922 (cell)
Current thread:
- Mac addresses Peter Charbonneau (Sep 09)
- <Possible follow-ups>
- Re: Mac addresses Di Fabio, Andrea (Sep 09)
- Re: Mac addresses Brian Kaye (Sep 09)
- Re: Mac addresses Brian Kaye (Sep 09)
- Re: Mac addresses Peter Charbonneau (Sep 09)