- ARP Discover (arpdiscover), an Ethernet scanner based on ARP protocol;
- ARP Flood (arpflood), an ARP request flooder;
- ARP Poison (arppoison), for poisoning switches’ MAC address tables.
I decided to restrict Internet access from my LAN to known IP/MAC pairs only. Primary to block Internet access from my PS3, virtual machines and computers that do not need it. Simplest way to achieve this on Linux: filter packet coming from LAN interface in FORWARD chain.
On OpenWRT custom firewall rules can be defined in /etc/firewall.user. Before creating rules we need some method to create and (easily) maintain IP/MAC pairs. I decided t use /etc/ethers and /etc/hosts that already contains MACs, hostnames nad IPs (used by dnsmasq).