Mohammed Ismail wrote:
> Well
> I thought that in the beginning and I thought I must control layer2 traffic.
> Notice that some other systems do prevent ARP spoofing.
> Now with secondary IP in m0n0wall we can do this
> ...
I think you miss the point. With ARP poisoning, I can see all traffic
on a given switch, and I do not even need an IP address. ARP is at
Layer 2. IP does not come in until Layer 3.
The fix is switches that limit ARP floods. Of course, then you go to
the AP, and most of them cannot limit ARP, so your netcut guy on
wireless can still see everything in that AP.
Lee
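
Added example, not part of the original message: a sketch of the per-MAC ARP rate limit the reply attributes to switches, run over constructed ARP replies. It goes one step beyond the message by also flagging an IP that is re-announced from a different MAC; the function name, thresholds and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, sender MAC, sender IP) taken from ARP replies.
SAMPLE = [
    (0.00, "aa:aa:aa:aa:aa:01", "192.0.2.1"),   # gateway announces itself
    (0.10, "aa:aa:aa:aa:aa:10", "192.0.2.10"),  # ordinary host
    (5.00, "aa:aa:aa:aa:aa:66", "192.0.2.1"),   # another MAC claims the gateway IP
    (5.05, "aa:aa:aa:aa:aa:66", "192.0.2.10"),
    (5.10, "aa:aa:aa:aa:aa:66", "192.0.2.1"),
    (5.15, "aa:aa:aa:aa:aa:66", "192.0.2.10"),
    (5.20, "aa:aa:aa:aa:aa:66", "192.0.2.1"),
    (9.00, "aa:aa:aa:aa:aa:10", "192.0.2.10"),  # real host re-announces
]

def inspect_arp(events, max_per_window=3, window=1.0):
    """Return (alerts, dropped) for a time-ordered list of ARP replies.

    Hypothetical helper: thresholds are illustrative, not vendor defaults.
    """
    recent = defaultdict(deque)  # MAC -> timestamps still inside the window
    binding = {}                 # IP -> first MAC seen announcing it
    alerts, dropped = [], []
    for ts, mac, ip in events:
        q = recent[mac]
        while q and ts - q[0] >= window:
            q.popleft()          # forget replies older than the window
        q.append(ts)
        if len(q) > max_per_window:
            # Over the limit: a rate-limiting port would discard this frame.
            dropped.append((ts, mac, ip))
            alerts.append(("rate", mac, ts))
            continue
        known = binding.setdefault(ip, mac)
        if known != mac:
            # Layer 2 check only: the sender needs no IP of its own to do this.
            alerts.append(("rebind", ip, known, mac, ts))
    return alerts, dropped

if __name__ == "__main__":
    for alert in inspect_arp(SAMPLE)[0]:
        print(alert)
```

On the sample, the rate limit only starts dropping frames at the fourth reply inside one second, while the binding check fires on the first conflicting reply; a sender that stays under the limit is caught by the binding check alone.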