网口聚合出现ARP攻击数据

iomect

我是两个网口聚合 飞牛里配置了静态IP 路由器里也设置了DHCP静态分配
但是在路由器日志里看到很多这样的日志

2025-07-20 12:57:36
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 12:57:36
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 12:45:34
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 12:45:34
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 12:45:24
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 12:45:24
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0b->a8:b8:e0:08:07:0c
2025-07-20 10:43:31
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 10:42:58
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 4:54:44
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 3:35:32
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 1:53:08
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 1:38:31
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 1:38:01
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 1:37:00
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b
2025-07-20 0:10:43
检测到一个ARP地址欺骗在接口(eth3): 10.0.0.88 a8:b8:e0:08:07:0c->a8:b8:e0:08:07:0b

iomect

补充 聚合方式是自适应负载均衡

iomect

查到了原因和解决方案

• arp_ignore=1：仅用主网口MAC响应ARP请求
• arp_announce=2：禁止主动广播ARP更新

echo "net.ipv4.conf.all.arp_ignore=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.arp_announce=2" >> /etc/sysctl.conf

sysctl -p