my hosting provider (Hetzner) occasionally sends me abuse reports because fake MAC addresses from my server are appearing on the switch port.
I was able to capture this using tcpdump last time:
20:00:40:06:34:f2 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:06:40:06:34:ec (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:0c:40:06:34:e6 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:12:40:06:34:e0 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:18:40:06:34:da (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:1e:40:06:34:d4 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:24:40:06:34:ce (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:2a:40:06:34:c8 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:30:40:06:34:c2 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:36:40:06:34:bc (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
20:3c:40:06:34:b6 (oui Unknown) > 45:00:00:44:9a:02 (oui Unknown), ethertype Unknown (0x8ac7), length 68:
During my search, I came across the kernel bug 219766
Is it possible that this bug has still not been fixed in AlmaLinux 10 with kernel 6.12.0-124.52.1.el10_1.x86_64?
We receive the abuse email from Hetzner every 6–8 weeks. It’s really quite annoying.
Best regards,
Heiko