We are a higher ed institution and have a large broadcast domain as part of our wireless network. I know, I know. It was a decision that was made. Broadcast and multicast are disabled. I don't need to know the cons of a large broadcast domain.
The issue is that within the last few weeks, the wireless network has been overwhelmed with ARPs from a small number of machines. These are student laptops, not owned by the institution. Basically every time one of these clients connects to wireless, it starts sending an ARP to every other client on the network. This traffic has just slowed that network down to a crawl. We have been blocking the MACs of the offending clients and having them visit our help desk to get reconnected. The common thread we are seeing is that they all have Avast AV installed (mostly free version, if that matters). When we uninstall Avast, the ARP flood stops.
1. Has anyone seen this behavior on your networks? How did you combat it?
2. Anyone have a reason this just manifested recently? I'm sure these same students have been connecting since start of the semester (January). We have made no major network config changes recently. Did Avast push something new out?
EDIT: I see there was a release on April 3rd. This is roughly the time when we started seeing this behavior.
I'm trying to find a way to stop this (other than rearchitecting the wireless network) that doesn't involve laying hands on every single affected machine every time we get new students on campus. Any help at all is greatly appreciated. Thanks in advance.