[Oisf-users] Finding the source of a broadcast
robert.jamison at bt.com
Fri Apr 24 15:29:03 UTC 2015
Perhaps Slingbox? Echostar (parent company registering 00:0d:c5) owns both Sling and Hughes (link: http://en.wikipedia.org/wiki/EchoStar) and a posting (below) points the 00:0d:c5 prefix to a SlingBox device:
static-mapping Slingbox-350 {
    ip-address 10.0.1.10
    mac-address 00:0d:c5:00:00:00
}
(link: https://community.ubnt.com/t5/EdgeMAX/Ports-Do-Not-Open-Close-When-Forwarded/td-p/1137453)
Rob Jamison | Assure Intelligence | BT Security
-----Original Message-----
From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of James Moe
Sent: Friday, April 24, 2015 2:19 AM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Finding the source of a broadcast
Hello,
suricata 2.0.7
linux v3.16.7-7-desktop x86_64
One of the alerts generated by suricata is for a "VLAN unknown type." It is, however, a broadcast from a device that implements a Spanning Tree Protocol (STP). This would imply a router.
All I have is the MAC address of the device that is generating the broadcasts; they occur every 2 seconds. It does not match with any of the known devices or hosts on our network. Also: "This kernel does not support RARP." Hmph.
Ethernet II, Src: Echostar_17:53:1f (00:0d:c5:17:53:1f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Can anyone suggest a method of finding which device is emitting the broadcast?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
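The OUI reasoning in the reply above, as an added example that is not part of either message: it parses Ethernet header lines in the format quoted in the thread, drops sources already in a host inventory, and reports each remaining broadcaster with its OUI and the vendor name Wireshark resolved. The function names, the sample lines other than the Echostar one, and the inventory are constructed for illustration.

```python
import re
from collections import Counter

# Dissector line format quoted in the thread: "Src: name (mac), Dst: name (mac)"
ETH_LINE = re.compile(r"Src:\s*(?P<name>\S+)\s*\((?P<src>[0-9A-Fa-f:.-]{12,17})\),\s*"
                      r"Dst:\s*\S+\s*\((?P<dst>[0-9A-Fa-f:.-]{12,17})\)")
BROADCAST = "ff:ff:ff:ff:ff:ff"

def norm_mac(mac):
    """Normalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def unknown_broadcasters(lines, inventory):
    """Return broadcast sources missing from the inventory, busiest first."""
    known = {norm_mac(m) for m in inventory}
    counts, names = Counter(), {}
    for line in lines:
        m = ETH_LINE.search(line)
        if not m or norm_mac(m["dst"]) != BROADCAST:
            continue  # not an Ethernet header line, or not a broadcast
        src = norm_mac(m["src"])
        if src in known:
            continue
        counts[src] += 1
        names[src] = m["name"]
    report = []
    for src, n in counts.most_common():
        # Bit 0x02 of the first octet set: locally administered, so the
        # first three octets are not a vendor-assigned OUI.
        local = bool(int(src[:2], 16) & 0x02)
        # Wireshark prints "<Vendor>_<last 3 octets>" when it knows the OUI.
        vendor = None if local or "_" not in names[src] else names[src].split("_")[0]
        report.append({"mac": src, "oui": src[:8], "vendor_hint": vendor,
                       "locally_administered": local, "frames": n})
    return report

SAMPLE = [  # constructed capture lines; only the Echostar address is from the thread
    "Ethernet II, Src: Echostar_17:53:1f (00:0d:c5:17:53:1f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)",
    "Ethernet II, Src: Echostar_17:53:1f (00:0d:c5:17:53:1f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)",
    "Ethernet II, Src: 02:42:ac:11:00:02 (02:42:ac:11:00:02), Dst: Broadcast (ff:ff:ff:ff:ff:ff)",
    "Ethernet II, Src: Example_aa:bb:cc (00:00:5e:aa:bb:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)",
    "Ethernet II, Src: Echostar_17:53:1f (00:0d:c5:17:53:1f), Dst: Example_aa:bb:cc (00:00:5e:aa:bb:cc)",
]
INVENTORY = ["00-00-5E-AA-BB-CC"]  # constructed list of known hosts

if __name__ == "__main__":
    print(*unknown_broadcasters(SAMPLE, INVENTORY), sep="\n")
```

A source flagged as locally administered cannot be attributed by OUI at all, so the vendor hint is left empty for it.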