nbtstat - a 10.0.1.82
Local Area Connection:
Node IpAddress: [10.0.1.76] Scope Id: 
NetBIOS Remote Machine Name Table
Name Type Status
MARIA-PC <00> UNIQUE Registered
MARIA-PC <20> UNIQUE Registered
ARC <00> GROUP Registered
ARC <1E> GROUP Registered
MAC Address = 00-1D-09-87-2B-71
Right away the address in request changes to 76. Why is that?
Symantec Endpoint Protection gives this:
Event Description: Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer. Packet data is shown in the right window.
Attack Type: MAC Spoofing
Event Time: 10/13/2008 10:43:10
Remote Host IP: 10.0.1.100
Begin Time: 10/12/2008 22:42:58
End Time: 10/12/2008 22:42:58
Domain Name: Default
Site Name: Site server2
Server Name: server2
Group Name: My Company\team ARC
When event occurred: maria-pc
Operating system name: Windows XP Professional
Location Name: Default
User Name: maria
Local MAC: 001D09872B71
Remote MAC: 001D092868F4
Hardware Key: F99127C11A4FC6F9A870D8029F
Network Protocol: Other
Traffic Direction: Inbound
Send SNMP trap: 1
Remote Host Name:
Hack Type: 0
About 20 of those messages came up before the PC got disconnected from the network by the firewall.
There is a thread on symantec forums here:
But what I really need is way to get down to the bottom of this and see what's causing it in on my network.
Being new to dealing with MAC address I tried things like lookin both of them up in the vendor DB which came up as Dell for both addresses.
I only have 1 network adapter on that PC.
Points are 250.