Re: Mystery MAC address

[Christopher Morrow <morrowc.lists () gmail com>]

mac addresses can be lies... and they can repeat... joy!


On Fri, Jul 8, 2022 at 12:22 PM JoeSox <joesox () gmail com> wrote:

> Hello,
>
> I have something I have never seen before and was wondering if anyone in
> the community has seen something like this?
>
> So some active directory accounts are getting locked intermittently and I
> had to do some sniffing and I have an IP address showing up in a non-used
> subnet 10.1.2.x
> And it shows an unrecognized MAC address. This virtual machine is in a
> Nutanix environment.
>
> I am trying to figure this out without bringing in paid outside help.
> Thanks in advance for any responses.
> c2:ea:e4:c5:57:e6
> is the MAC in question. I don't fully understand this request. 10.1.2.18
> is the mystery ip that doesn't ping, 10.1.3.9 is the DC.
> AD Audit provides nonexistent machines making the requests and even blank.
> "User account 'Administrator' was locked from computer ''."
>
> [image: image.png]
>
> --
> Thank You,
> Joe