数据中心的ARP欺骗

我有一个专用的根服务器。我注意到 iftop 中来自 255.255.255.255 的奇怪连接。因此我试图调查它。我运行了以下命令：

 tcpdump -i eth0 ether broadcast and ether multicast

这里我每秒收到大约 100 个请求

16:21:13.174056 ARP, Request who has ****** tell ***** length 46
16:21:13.174406 ARP, Request who has ****** tell ***** length 46
16:21:13.174717 ARP, Request who has ****** tell ***** length 46
16:21:13.175351 ARP, Request who has ****** tell ***** length 46
16:21:13.175772 ARP, Request who has ****** tell ***** length 46
16:21:13.175923 ARP, Request who has ****** tell ***** length 46
16:21:13.250028 ARP, Request who has ****** tell ***** length 46
16:21:13.261960 ARP, Request who has ****** tell ***** length 46
16:21:13.334608 ARP, Request who has ****** tell ***** length 46
16:21:13.360883 ARP, Request who has ****** tell ***** length 46
16:21:13.361910 ARP, Request who has ****** tell ***** length 46
16:21:13.361919 ARP, Request who has ****** tell ***** length 46
16:21:13.363287 ARP, Request who has ****** tell ***** length 46
16:21:13.363297 ARP, Request who has ****** tell ***** length 46
16:21:13.365008 ARP, Request who has ****** tell ***** length 46
16:21:13.462835 ARP, Request who has ****** tell ***** length 46
16:21:13.464375 ARP, Request who has ****** tell ***** length 46
16:21:13.464954 ARP, Request who has ****** tell ***** length 46
16:21:13.565233 ARP, Request who has ****** tell ***** length 46
16:21:13.566120 ARP, Request who has ****** tell ***** length 46
16:21:13.567008 ARP, Request who has ****** tell ***** length 46

这对我来说看起来不正常。来自不同 IP 地址的许多请求。这是一个示例（域名已被审查）：

16:21:13.334608 ARP, Request who has mysql.example.com tell web1.example.com length 46

因此，web1.example.com 正在发送一个请求，其中 Machine/Mac-Adress 负责主机名 mysql.example.com。当我正确时，我现在可以进行 ARP 欺骗并告诉 web1.example.com 我的服务器负责 mysql.example.com.. 所以这是中间人攻击...

我只在一个提供商的一台服务器上遇到这个问题。我以前从未有过这样的经历。我的同事还认为这是数据中心中路由器/交换机的安全风险/配置错误。

下一个奇怪的事情：当我运行命令时

arp

没有任何参数，我得到了一个包含 20 个不同主机名和 MAC 地址的列表。

我有不同的服务器，也在其他提供商处。当我在其他服务器上运行这些命令时，我没有收到任何 ARP 请求，并且当我在没有任何参数的情况下运行 arp 时，我只能看到我的机器...那么这里到底发生了什么？