On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > > http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html > > * Monitor your local network for interfaces transmitting ARP > responses they shouldn't be.
how about just mac security on switch ports? limit the number of mac's at each port to 1 or some number 'valid' ?
