http://qs321.pair.com?node_id=1155126


in reply to ARP poisoning and redirection

$ sysctl net.ipv4.conf.all.arp_accept
net.ipv4.conf.all.arp_accept = 0

$ grep -A5 arp_accept linux/Documentation/networking/ip-sysctl.txt
arp_accept - BOOLEAN
        Define behavior for gratuitous ARP frames who's IP is not
        already present in the ARP table:
        0 - don't create new entries in the ARP table
        1 - create new entries in the ARP table

And did you verify that the attacking machine is receiving the frames? It may depend on the switching equipment and configuration, things like port binding, mac filtering. I doubt this whole approach might hold much promise.

Sharing the login credentials could make sense if it is to provide terminal access, but to have open remote logins... Sounds like the security in your playground is fundamentally broken, perhaps it is by choice.