Originally Posted by leftybeaver
How would one manage to only allow a specific MAC address coming in for the router?
I didn't say router, I said switch. (routers operate at layer 3 not layer 2)
and to do this you'd hard code an entry into the arp translation table of the switch and make sure it's set to static and not dynamic.
depending on your school/equipment provider the arp translation table may be known as ARP resolution tables.
basically they tie the physical hardware (MAC) address to a hardware port.
e.g. traffic destined for "some-MAC" should leave via interface 2.
your arp spoofing is trying to make the router believe that hardware address "some-MAC" has actually been re-patched to interface 3.
the table keeps track of what device (hardware addressed at layer 2) is plugged into what interface (layer 1).
if your arp cache is dynamic, then MAC spoofing is possible, if it's static then how will you update an arp cache that is set to not be update-able other than by privilege 9 on the switch?
as for detecting a flood of MAC addresses, this is also useful for helping to make sure that some idiot hasn't brought in a hub so that he can plug in a few different machines and his personal laptop into his 1 network port in his office.
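The two checks described in the post (a static MAC-to-port binding that must not move, and a per-port limit on learned MACs that catches a hub or a MAC flood) as an added example, not code from the thread; the port names, MAC addresses and frame observations are constructed sample values.

```python
from collections import defaultdict

# Constructed static bindings: MAC -> switch port (hypothetical values)
STATIC_BINDINGS = {
    "00:11:22:33:44:55": "Gi0/2",   # printer, pinned to port 2
    "00:11:22:33:44:66": "Gi0/5",   # file server, pinned to port 5
}

# Ports allowed more than one MAC (uplinks); every other port is a single-host access port
MAX_MACS_PER_PORT = {"Gi0/24": 512}
DEFAULT_MAX_MACS = 1

# Constructed observations of (ingress port, source MAC), in arrival order
SAMPLE_FRAMES = [
    ("Gi0/2", "00:11:22:33:44:55"),   # printer on its own port: fine
    ("Gi0/3", "00:11:22:33:44:55"),   # printer MAC arriving on port 3: static violation
    ("Gi0/7", "aa:bb:cc:00:00:01"),   # one host on an access port: fine
    ("Gi0/7", "aa:bb:cc:00:00:02"),   # second MAC on the same access port: limit exceeded
    ("Gi0/7", "aa:bb:cc:00:00:03"),   # third MAC: port already flagged, no duplicate alert
    ("Gi0/24", "aa:bb:cc:00:00:04"),  # uplink, many MACs allowed
]


def check_frames(frames, static=STATIC_BINDINGS, limits=MAX_MACS_PER_PORT,
                 default_max=DEFAULT_MAX_MACS):
    """Return (port, kind, detail) alerts for a sequence of (port, src_mac) observations.

    kind == "static-violation": a MAC pinned to one port was seen on another port
    kind == "mac-limit":        a port learned more distinct MACs than it is allowed
    """
    learned = defaultdict(set)   # dynamic table: port -> set of MACs seen
    flagged_ports = set()        # report the limit breach once per port
    alerts = []
    for port, mac in frames:
        mac = mac.lower()
        pinned = static.get(mac)
        if pinned is not None and pinned != port:
            alerts.append((port, "static-violation", f"{mac} pinned to {pinned}"))
            continue  # a static entry is never overwritten, so the frame is not learned
        learned[port].add(mac)
        limit = limits.get(port, default_max)
        if len(learned[port]) > limit and port not in flagged_ports:
            flagged_ports.add(port)
            alerts.append((port, "mac-limit", f"{len(learned[port])} MACs seen, limit {limit}"))
    return alerts


if __name__ == "__main__":
    for alert in check_frames(SAMPLE_FRAMES):
        print(alert)
```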