Those are the "transparent bridges" Im referring to. . . That Cisco includes them in every router is not suspicious, it is how malicious programs can use them that is suspicious. As I said, they are normally used in Ethernet routing and there are legitimate reasons for their uses. LAN usage is normal, but to hijack it for other purposes and then connect to non-authorized (or surreptitious) servers belonging to three letter agencies is a different thing entirely.
Okay. Thank you for the clear explanation.