Odd NIC/MAC behavior

Discussion in 'other firewalls' started by CitizenP, May 1, 2015.

  1. CitizenP

    CitizenP Registered Member

    Joined:
    May 1, 2015
    Posts:
    1
    My pfSense firewall running arpwatch detected one of our ancient Server 2003 boxes doing this:

    May 1 10:11:54 kernel: arp: 10.1.1.12 moved from XX:XX:XX:XX:XX:0c to XX:XX:XX:XX:XX:08 on bge0
    May 1 10:10:46 kernel: arp: 10.1.1.12 moved from XX:XX:XX:XX:XX:08 to XX:XX:XX:XX:XX:0c on bge0

    Every ~1hr 30m or so.

    Has anyone seen this before? This is a Broadcom card on a Dell server. Was possible thinking Dell OOB software or some other OOB transport could be doing this. If it is Dell based, where/what should I look for to disable/remove? Current A/V and Malwarebytes not detecting anything.

    The server is slated to be upgraded shortly, my concern is that it might need to be trashed instead. This Box has no direct connectivity to the outside world, but is sitting next to a box that is.