Кто сталкивался с такой ARP-атакой, подскажите как бороться. В логах такое:Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.206.103 moved from 00:10:4b:b2:0f:4c to 00:ed:63:bd:2c:27 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.202.109 moved from 00:0f:ea:8c:f8:30 to 00:81:f9:8a:2a:43 on fxp0
Sep 29 18:06:36 tvn kernel: arplookup 192.168.30.32 failed: host is not on local network
Sep 29 18:06:36 tvn kernel: arp: 192.168.200.32 moved from 00:04:ac:56:0f:07 to 00:a4:08:17:c7:24 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.202.27 moved from 00:0f:ea:30:87:18 to 00:40:09:b3:a7:5a on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.200.31 moved from 00:04:ac:b8:04:ad to 00:83:92:04:03:51 on fxp0
Sep 29 18:06:36 tvn kernel: arplookup 195.209.235.1 failed: host is not on local network
Sep 29 18:06:36 tvn kernel: arp: 192.168.201.33 moved from 00:1a:4d:42:4f:c3 to 00:04:64:0f:2e:c2 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.202.237 moved from 00:19:21:75:34:e6 to 00:70:dd:7c:88:b2 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:1c:ec:8d:b3:e1 to 00:13:d3:17:eb:61 on fxp0
Sep 29 18:06:36 tvn kernel: arp: 192.168.223.215 moved from 00:13:d3:17:eb:61 to 00:1c:ec:8d:b3:e1 on fxp0При этом сеть ложится полностью, сервера только и занимаются тем, что пишут логи.
Похоже на ARP-spoofing, но такой зверский первый раз вижу.
Как найти виновника, не меняя конфигурацию сети?
Как на счет прописать статическую таблицу и запретить реакцию на подобные запросы?
>Как на счет прописать статическую таблицу и запретить реакцию на подобные запросы?
>Сеть слишком большая, чтобы на каждой железке вести арп-таблицу.