lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lists at g-clef.net (Aaron Gee-Clough)
Subject: Strange ldap Behavior.

stephane nasdrovisky wrote:
> Soderland, Craig wrote:
> 
>>  
>>
>>       ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense
>>
>>
> This mac looks familiar for me,isn't it the mac address used by vrrp ID 
> 1? Isn't your default gateway a nokia firewall (or was,in which case you 
> should reconfigure some device in order to remove any/many static arp 
> entries (i.e. cisco routers can't learn these mac,that's why you may 
> have/had to add static arp on some devices)) or any other vrrp device?


Yes, it is a VRRP address.  The RFC for VRRP (at 
http://www.faqs.org/rfcs/rfc2338.html ) says:

The virtual router MAC address associated with a virtual router is an
    IEEE 802 MAC Address in the following format:

       00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)

    The first three octets are derived from the IANA's OUI.  The next two
    octets (00-01) indicate the address block assigned to the VRRP
    protocol.  {VRID} is the VRRP Virtual Router Identifier.  This
    mapping provides for up to 255 VRRP routers on a network.


This is a VRRP MAC address.  Whether it's a Nokia or other VRRP-speaker 
we don't know.

Aaron

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ