arplookup 10.0.0.68 failed: host is not on local network

Andriy Gapon avg at icyb.net.ua
Sun Apr 6 17:18:32 UTC 2008


My message log is spammed with thousands of messages like those quoted
below, to the extent that this could be considered some form of an attack.
kernel: arplookup 10.0.0.68 failed: host is not on local network
kernel: arplookup 10.0.0.6 failed: host is not on local network
kernel: arplookup 10.0.0.68 failed: host is not on local network
kernel: arplookup 10.0.0.6 failed: host is not on local network

I wasn't there to see how this started, but I was able to monitor a
little bit of the process and here are my uneducated guesses. Uneducated
because I didn't examine sources yet.

There should not be any hosts with 10.0.0.0/24 addresses on this
network. There are no special routes for it on my machine, outgoing
packets should go to 'default'.

I suspect that this was triggered when an offending machine sent an arp
response packet (that was unasked for) to my machine saying that
10.0.0.X has MAC address 00:04:61:01:23:45 (note 12345). Or maybe it
broadcast an arp request asking to tell my MAC address to that machine.
And I suspect that it tricked the OS into (almost endlessly) trying to
do an arp lookup for that 10.0.0.X address. But updating the arp table
failed for the obvious reason. I saw with tcpdump that my machine indeed
sent an arp request for the 10.0.0.X address.

I see two issues here:
1. we should not send arp requests for the addresses that are not
supposed to be on the local network(s)
2. there is no way to disable or throttle the log messages

-- 
Andriy Gapon
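
The following is an added example, not part of the original post and not FreeBSD code: a small log summarizer that collapses the repeated `arplookup ... failed` messages quoted above into one record per target address and cross-checks each target against the networks the operator considers local. The `LOCAL_NETWORKS` value, the `threshold` parameter, and the sample log lines (timestamps, hostname, the unrelated sshd line) are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Message text as quoted in the post; the syslog prefix before it may vary.
ARPLOOKUP_RE = re.compile(
    r"kernel: arplookup (\S+) failed: host is not on local network")

# Assumption: networks the operator considers directly connected (constructed).
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines; timestamps and hostname are made up.
SAMPLE_LOG = """\
Apr  6 17:01:02 gw kernel: arplookup 10.0.0.68 failed: host is not on local network
Apr  6 17:01:02 gw kernel: arplookup 10.0.0.6 failed: host is not on local network
Apr  6 17:01:03 gw kernel: arplookup 10.0.0.68 failed: host is not on local network
Apr  6 17:01:03 gw sshd[812]: Accepted publickey for admin
Apr  6 17:01:04 gw kernel: arplookup 10.0.0.6 failed: host is not on local network
Apr  6 17:01:05 gw kernel: arplookup 10.0.0.68 failed: host is not on local network
Apr  6 17:01:06 gw kernel: arplookup bogus failed: host is not on local network
"""

def summarize(lines, networks=LOCAL_NETWORKS, threshold=3):
    """Collapse repeated arplookup failures into one record per target."""
    counts = Counter()
    for line in lines:
        m = ARPLOOKUP_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # skip lines whose address field does not parse
        counts[ip] += 1
    return [
        {
            "target": str(ip),
            "count": n,
            # True would mean the address is inside a listed local network
            "on_link": any(ip in net for net in networks),
            "repeated": n >= threshold,
        }
        for ip, n in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines()):
        print(row)
```
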

