in reply to ARP poisoning and redirection
$ sysctl net.ipv4.conf.all.arp_accept net.ipv4.conf.all.arp_accept = 0 $ grep -A5 arp_accept linux/Documentation/networking/ip-sysctl.txt arp_accept - BOOLEAN Define behavior for gratuitous ARP frames who's IP is not already present in the ARP table: 0 - don't create new entries in the ARP table 1 - create new entries in the ARP table
And did you verify that the attacking machine is receiving the frames? It may depend on the switching equipment and configuration, things like port binding, mac filtering. I doubt this whole approach might hold much promise.
Sharing the login credentials could make sense if it is to provide terminal access, but to have open remote logins... Sounds like the security in your playground is fundamentally broken, perhaps it is by choice.