My pfSense firewall running arpwatch detected one of our ancient Server 2003 boxes doing this: May 1 10:11:54 kernel: arp: 10.1.1.12 moved from XX:XX:XX:XX:XX:0c to XX:XX:XX:XX:XX:08 on bge0 May 1 10:10:46 kernel: arp: 10.1.1.12 moved from XX:XX:XX:XX:XX:08 to XX:XX:XX:XX:XX:0c on bge0 Every ~1hr 30m or so. Has anyone seen this before? This is a Broadcom card on a Dell server. Was possible thinking Dell OOB software or some other OOB transport could be doing this. If it is Dell based, where/what should I look for to disable/remove? Current A/V and Malwarebytes not detecting anything. The server is slated to be upgraded shortly, my concern is that it might need to be trashed instead. This Box has no direct connectivity to the outside world, but is sitting next to a box that is.