Why does A10 device send ARP attack?

huzhiqihuzhiqi Member
in ADC - Application Delivery

Our switch received an ARP attack alarm from A10 device.And the SourceAttackIP 202.104.30.228 is deployed on our A10.

 What is the original cause of this?


Aug 8 2022 19:09:34+08:00 GDSD-BDC-INT-CR01 %%01SECE/4/SPECIFY_SIP_ATTACK(l)[12]:The specified source IP address attack occurred. (Slot=MPU, SourceAttackIP=202.104.30.228, AttackProtocol=ARP, AttackPackets=90 packets per second)

A10 ve30 IP.png


Comments

  • tmitsuhatatmitsuhata Member, Administrator, A10ers admin

    Hi huzhiqi,

    It's difficult to identify the cause of this only with the log from switch. Did you notice any network change during that time?

    By the way, do you know if those ARP packets are request or reply? I somehow assume that A10 device received some sort of (bust) routed traffic destined to IP(s) within this subnet and A10 device tried to resolve MAC address for those IP(s).

    If you see this frequently and want to troubleshoot further, you may want to open a ticket with A10 support team.

    Thanks.

  • john_allenjohn_allen Member, A10ers ✭✭

    What is configured to use VE30 on your Thunder node? Is it configured to pass-through traffic?? You might want to look on your Thunder node logs to see if it also registered this attack.

Sign In or Register to comment.

© Copyright 2024 - A10 Networks Community - All Rights Reserved. | Legal