Folks,

My ISP is <sigh> attbi.com.  For a while now, I've been flooded with arp
"who-has" requests... up to 20/second in spurts and 1-2/second sustained
for hours.  Most of the requesting boxes are various ATTBI.com routers or
gateways, NOT client boxes.

Based on what tcpdump is telling me, most of the requests are for a very
limited range of tcp-ip addresses.

Is anyone else seeing this?

Can anyone offer an explaination for why ATT is making what looks very
much like continous sweeps to keep their ip address mapping up to date?

It almost looks like a DOS attack mounted by my ISP'idly,

-S