Re: Mystery MAC address

[heasley <heas () shrubbery net>]

Fri, Jul 08, 2022 at 12:43:49PM -0400, Christopher Morrow:
> mac addresses can be lies... and they can repeat... joy!

eg; https://www.extremenetworks.com/extreme-networks-blog/wi-fi-mac-randomization-privacy-and-collateral-damage/

> On Fri, Jul 8, 2022 at 12:22 PM JoeSox <joesox () gmail com> wrote:
>
> > Hello,
> >
> > I have something I have never seen before and was wondering if anyone in
> > the community has seen something like this?
> >
> > So some active directory accounts are getting locked intermittently and I
> > had to do some sniffing and I have an IP address showing up in a non-used
> > subnet 10.1.2.x
> > And it shows an unrecognized MAC address. This virtual machine is in a
> > Nutanix environment.
> >
> > I am trying to figure this out without bringing in paid outside help.
> > Thanks in advance for any responses.
> > c2:ea:e4:c5:57:e6
> > is the MAC in question. I don't fully understand this request. 10.1.2.18
> > is the mystery ip that doesn't ping, 10.1.3.9 is the DC.
> > AD Audit provides nonexistent machines making the requests and even blank.
> > "User account 'Administrator' was locked from computer ''."
> >
> > [image: image.png]
> >
> > --
> > Thank You,
> > Joe