
Re: [Full-Disclosure] Strange ldap Behavior.

From: Aaron Gee-Clough <lists@g-clef.net>
Date: Wed May 19 2004 - 09:10:19 EDT

stephane nasdrovisky wrote:
> Soderland, Craig wrote:
>
>>
>>
>> ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
>>
>>
> This MAC looks familiar to me, isn't it the MAC address used by VRRP ID
> 1? Isn't your default gateway a Nokia firewall (or was, in which case you
> should reconfigure some device in order to remove any/many static ARP
> entries (i.e. Cisco routers can't learn these MACs, that's why you may
> have/had to add static ARP on some devices)) or any other VRRP device?

Yes, it is a VRRP address. The RFC for VRRP (at
http://www.faqs.org/rfcs/rfc2338.html ) says:

    The virtual router MAC address associated with a virtual router is an
    IEEE 802 MAC Address in the following format:

       00-00-5E-00-01-{VRID} (in hex in internet standard bit-order)

    The first three octets are derived from the IANA's OUI. The next two
    octets (00-01) indicate the address block assigned to the VRRP
    protocol. {VRID} is the VRRP Virtual Router Identifier. This
    mapping provides for up to 255 VRRP routers on a network.

This is a VRRP MAC address. Whether it's a Nokia or other VRRP-speaker
we don't know.

Aaron

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Wed May 19 09:22:45 2004

This archive was generated by hypermail 2.1.8 : Wed May 19 2004 - 10:06:34 EDT
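
The check discussed in the message above, as an added example that is not part of the original post: it normalizes MAC addresses as capture tools print them (including the unpadded `0:0:5e:0:1:1` form quoted in the thread) and reports the VRID when the address falls in the RFC 2338 block `00-00-5E-00-01-{VRID}`. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re

# IANA OUI (00-00-5E) followed by the 00-01 block assigned to VRRP (RFC 2338).
VRRP_PREFIX = (0x00, 0x00, 0x5E, 0x00, 0x01)
FIELD_RE = re.compile(r"(Destination|Source)\s*=\s*([0-9A-Fa-f:-]+)")

# First line is the ETHER line quoted in the thread; the rest are constructed.
SAMPLE = [
    "ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense",
    "ETHER:  Source      = 8:0:20:aa:bb:cc,",
    "ETHER:  Destination = 00-00-5E-00-01-2A",
]


def parse_mac(text):
    """Return a MAC as six ints; accepts ':' or '-' separators, unpadded
    octets (0:0:5e:0:1:1) and 12 bare hex digits."""
    text = text.strip()
    if re.fullmatch(r"[0-9A-Fa-f]{12}", text):
        parts = [text[i:i + 2] for i in range(0, 12, 2)]
    else:
        parts = re.split(r"[:-]", text)
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return tuple(int(p, 16) for p in parts)


def vrrp_vrid(mac_text):
    """Return the VRID if the address is a VRRP virtual router MAC, else None."""
    mac = parse_mac(mac_text)
    if mac[:5] != VRRP_PREFIX:
        return None
    # RFC 2338 configures VRIDs in the range 1-255, so a last octet of 0
    # is not a valid virtual router MAC.
    return mac[5] if mac[5] >= 1 else None


def triage(lines):
    """Extract Destination/Source MACs from capture text and tag VRRP ones."""
    findings = []
    for line in lines:
        for field, mac in FIELD_RE.findall(line):
            try:
                findings.append((field, mac, vrrp_vrid(mac)))
            except ValueError:
                continue  # not a well-formed MAC; skip it
    return findings
```
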
