probably ARP poisong attempt to spoof/dump traffic by hijacking it.
switch isn't almighty and using vlans as port isolation tools well-known but not flawless(there was several ways to bypass/thwart vlan port isolation, especially on default configuration of majority of devices).
that problem really polluting majority of copper ISP's and smart switches, used by them on endpoint before BRAS and eventually lead to introduction of both 802.1AR and 802.1AE by majority of networking cirtuitry corpoations/vendors.
aswell as before SEND was created as both ARP and NDP replacement(cuz both ARP and NDP considered flawed/vulnerable beyond chances to repair/protect. in case of v6 there was some serious issues aside RA well-known one), but never implemented properly for ipv4 and never really mass-deployed/adopted.
as sidenote(irrelevant to security aspect): on common linux you always can maintain ARP trottling by conntrack/firewall rule with connection limtation, cuz there was ebtables, arptables and new filtering framework/front-end, than unify both three, while on RouterOS you cannot relly control ARP or NDP very well(and cannot NDP at all), yet.
if you not run you network with statically-assigned adresses you always can switch ports to "reply-only" ARP mode to rely on you DHCP server package on managing that.
Switch isn't using default configuration (it's a 2960S btw), nor is the CCR, when i mirror the port that connects to the CCR i can see the incomming ARP request from it, i've also checked the switch's per vlan mac address table and verified the equipment on each port, it all seems to be as intended. Checked all the computers looking for viruses all seems to be clean, our computers are isolated from the internet due to NAT, we don't even have a DMZ stablished.
Need a hotspot with facebook integration?
Send a PM!
Hablamos español, atendemos el mercado de latinoamérica visita nuestra página web: