Devices sending more than 360 ARP requests per minute will be identified by MAC address and COWLS FroDos will not respond to further ARP requests from this MAC address for 1 hour.
A record of devices detected as exceeding this threshold is available to registered ITSS in Teams > ITSS Community > Technical > Files > arp source-mac attacks detected.
Further information
Rationale and technical background for this scheme were shared on the itss-discuss maillist at its inception in November 2021.