I don't know if this is normal to see or what. I can't figure it out. We have sites that are all isolated by MikroTiks and use OSPF between them.
What I'm seeing is stuff like site A having a customer on 1.2.3.4. At both sites A and B I'm seeing conversations between 1.2.3.4 from site A and 192.168.2.1 at site B. Site B does not have the 192.168.2 subnet even present. When I put an IP in that subnet on the site B MikroTik, I see a MAC matching that IP; it is also present for an actual customer, we will say 5.6.7.8. I'm wondering if there isn't some form of tunnel between these two customers, isolated by multiple routers, that is leaking internal traffic out or something of that nature. I'm currently dropping that traffic now, I should have been from the get-go, but what I don't understand is how, with no routes or subnets present, this communication is even happening. Scared me assumes the CIA hacked all my MikroTiks, then hijacked customer routers and are somehow using my network to mine bitcoin to fund black site operations. Reality tells me it's misconfiguration somewhere on my part. Any ideas?
