Last night I was troubleshooting a strange issue where Apple products (So far just MacOS and Airports) were losing internet connectivity sporadically. Originally I thought it was an IPv6 transition technology causing the problem but the customer couldn't even ping their default GW via v4. To rule out the customer mistyping/giving us wrong information on what they were seeing I attempted to verify IP connectivity from my DHCP server to them. I pinged the IP they had retrieved via DHCP earlier. What I got back were ICMP redirects interspersed with echo replies from the customer I was pinging. The redirects were of the form: "Redirect Host(New nexthop: x.y.z.23)" The nexthop being an IP of the customer I was troubleshooting. Thinking that was very odd I setup an ACL on the vlan serving that subnet to log ICMP redirects. What I found was one IP x.y.z.56 sending redirects to IPs on my network as well as several IPs outside my network. As far as I know there is no legitimate reason for a residential PC or home gateway to send ICMP redirects. There were also a few dozen other IPs on that subnet sending ICMP redirects. A majority of them had 68:7f:74 (Cisco-Linksys) OUIs. There were also some Belkins and one ASUStek OUIs. The 68:7f:74 source MACs were dispersed amongst many customers not all from the same customer. Which leads me to believe there is either a bugged Linksys firmware or an exploited Linksys home gateway causing trouble. Has anyone ever seen something like this before? Is there any reason to see ICMP redirects on a single homed residential subnet? I'm considering adding ICMP redirects to my customer edge ACL unless there is a legitimate purpose for these packets. Thanks -ML