Can someone please explain this linux server error ARPWatch Flip Flop

Question

My VPS provider just suspended my VPS, and they showed me this below error in the server log, claiming that this is the reason for suspension.

I don't understand what this error is. Can someone explain?

OS is centos6 OS I think.

Apr 10 14:52:46 box4 arpwatch: flip flop 176.123.7.1 fa:ed:21:37:78:97 (00:24:dc:7b:5f:c0) ens18

Apr 10 14:52:46 box4 arpwatch: flip flop 176.123.7.1 00:24:dc:7b:5f:c0 (fa:ed:21:37:78:97) ens18

Apr 10 14:52:48 box4 arpwatch: flip flop 176.123.7.1 00:24:dc:7b:5f:c0 (fa:ed:21:37:78:97) ens18

Apr 10 14:52:50 box4 arpwatch: flip flop 176.123.7.1 00:24:dc:7b:5f:c0 (fa:ed:21:37:78:97) ens18

Apr 10 14:52:52 box4 arpwatch: flip flop 176.123.7.1 00:24:dc:7b:5f:c0 (fa:ed:21:37:78:97) ens18

Answer 1

From the arpwatch manual (the service that generated the error you posted):

Flip Flop: The ethernet address has changed from the most recently seen address to the second most recently seen address.

It would seem that the hosting provider does not allow network interfaces to change their MAC address, and this log is saying that it was.

ARP -- address resolution protocol -- is the networking protocol that allows machines to find the current hardware address (MAC address) connected with an IP address. These connections, once requested, are stored in an ARP Table in routers/switches/etc.

ARP Poisoning, is when a machine replies to the "who has IP address x.x.x.x" query on the network, either completely fraudulently, or by nature of having two machines on the network with network interfaces with identical MAC addresses. The table is said to be poisoned because traffic will now be routed to the malicious/miss-configured machine.

Hope that helps.