On Thu, Apr 30, 2009 at 5:22 PM, Mohammed Ismail <m dot ismael at gmail dot com> wrote:
> With special requirements in the DHCP server which FreeBSD provides,
> and the secondary IP option, IPfilter.
> If you assign to a client 10.10.10.30/32 with default gateway 22.214.171.124
> and block all traffic to 10.0.0.1 except DHCP and DNS, ICMP 8 and 11 to have
> ping and traceroute working,
> this client will only see and talk with 126.96.36.199.
No. ARP is layer 2, and unless you segregate the network into multiple
broadcast domains, or implement other controls on your switches,
you're doing nothing to prevent or limit ARP poisoning. It makes no
difference what IP or subnet you're using; if I'm on the same
broadcast domain as you and your switch doesn't prevent it, I can ARP