Re: help: duplicate MAC address
On 10/20/06, Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
On Thu, Oct 19, 2006 at 11:01:39AM +0800, Lestat V wrote:
> On 10/19/06, Lestat V <dreameration@gmail.com> wrote:
> >On 10/19/06, Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
> >> On Wed, Oct 18, 2006 at 11:09:35AM +0800, Lestat V wrote:
Can you 'arping' 00:e0:4c:8c:a2:d1 ?
No, I can't.
Can you 'arping' 00:07:84:52:55:3c ?
No, either.
Have you tried to use 'arptables' to filter out 00:00:0c:07:ac:00 so that
you don't listen to its ARP replies? Also, did you try any of the tools to
*detect* arp poisoning I pointed out in my first e-mail?
Not yet till receipt of your this letter. Then I try arptables, and
block 00:00:0c:07:ac:00. After that, however, I got disconnected to
network, which I think should be due my gateway previously set to
10.100.105.250 whoes MAC is 00:00:0c:07:ac:00. So I change my gateway
to 10.100.105.252, then I got reconnected, and everything seems normal
except that I cannot connect to .14 and .1 any more. The ARP cache now
reads:
? (10.100.105.251) at 00:07:84:52:55:3C [ether] on eth0
? (10.100.105.252) at 00:07:84:52:55:3D [ether] on eth0
? (10.100.105.250) at <incomplete> on eth0
? (10.100.105.14) at <incomplete> on eth0
? (10.100.105.15) at <incomplete> on eth0
? (10.100.105.13) at 00:E0:4C:8C:A2:D1 [ether] on eth0
? (10.100.105.1) at <incomplete> on eth0
BTW, that MAC address seems to be a multicast address used by HSRP routers.
Do you have any Cisco HSRP routers in your network?
I know that the switching devices are from CIsco.
Reply to: