ff:ff:ff:ff is just an impossible MAC address. It is the "everyone" mac address. Back in college I wrote something in my computer science course about the possibility of crashing a network in a DDOS way spoofing the Mac address to this value. "ff:ff:ff:ff" refer to everyone, and, as "everyone" would try to answer to "everyone", you quickly end in a nightmare situation, at least in theory, it is quite hard to forge packet this way and this kind of trick is patched since age.
Still, look like you are under attack from a ghost... If you suspect this to come from the internet you might want to notice your ISP, they may have some "trace" or hints about who is doing this (ultimately banning him). But for now, there isn't much to do, even if you block this address, the packet will reach your network (as the iptables rules are checked once the network card got the trafic, of course), crafting a rules to (try to) ban this would most likely result in a cpu consumtion without any result of the flood... if you want to try anyways, I suppose we could help you, but we will need your kernel version and your iptables version (iptables prior to 1.2.7 on kernel 2.4 was a bit basic about making rules on mac address if I remember right).
|