$ sysctl net.ipv4.conf.all.arp_accept
net.ipv4.conf.all.arp_accept = 0
$ grep -A5 arp_accept linux/Documentation/networking/ip-sysctl.txt
arp_accept - BOOLEAN
Define behavior for gratuitous ARP frames who's IP is not
already present in the ARP table:
0 - don't create new entries in the ARP table
1 - create new entries in the ARP table
And did you verify that the attacking machine is receiving the frames? It may depend on the switching equipment and configuration, things like port binding, mac filtering. I doubt this whole approach might hold much promise.
Sharing the login credentials could make sense if it is to provide terminal access, but to have open remote logins... Sounds like the security in your playground is fundamentally broken, perhaps it is by choice.