THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
selt's avatar
1
selt
answered 2021-11-07 18:36:39 +0000

DEFINITELY MALICIOUS ! Its a symptom of Man in the middle attacks. Take a look at the MAC-IP assignments on the network by monitoring with something like arpwatch, I'm pretty sure you'll detect duplicate MACs. There's no reason to make a ARP query from a fake device and specify a return path different that the source, or even worse, a return path outside the network ! :O I found the same issue on one of my managed networks...