David A. Lane wrote:
> Someone is trying to make a mess of my system and I have managed to catch
> the "MAC" address, but I cannot seem to correlate it to a vendor. I have
> pulled the IANA Ether Types list, but it does not seem to appear. Anybody
> have a lead on 00e0.1E9F.16DB?
First thing: Remember that MAC addresses CAN be faked....
According to the database at
the "00e01e" prefix is used by Cisco.
That means that what you are seeing is really from the "other" side of
one of the interfaces on your router and thus shows up as the address
of the router .
What that would allow you to do is "follow" the router trail...
(tedious, but feasable)
If the system is a Novell fileserver (based on your .sig), are you
passing IPX through your router? If so, does the other side REALLY need
to see your IPX traffic? If not, you can safely disable IPX on that
router. If IPX is needed, you will need the cooperation of those in
charge of the "other" segments...
A traffic monitor like NetXray would be useful.
A shareware one called "EtherLoad" may also help.(version 2.00 works
great on an old 80286 laptop w/ a pocket ethernet adapter :-) [can use
ODI or packet drivers])
[eMail sent to any of my addresses is subject to the Conditions outlined
[Note: I no longer support ARNet (arn.net) as an ISP nor WTAMU
(wtamu.edu) as an educational institution nor LEK (lektech.com) as a
[heard somewhere: "You have the right to remain clueless. Anything you
know may be used against you in a court of law"]
Another day, so many more LARTS to go. [BOFH, BUFH]
<time is on my side>
Description: S/MIME Cryptographic Signature