Some users on my network using wifikill or netcut to prevent other users from accessing the internet
[ ISP's router: public IP ] - [ gateway: public IP eth1 - network eth0 (NAT) ] - [ switch and access point ] - [ clients ] all other computer connects to eth0 as gateway, using Wifi or LAN..
how to prevent one client poison other clients arp cache, the gateway is using Linux?
arpon seems has no effect..
or is there any product (switches and access point) that has ARP spoofing protection?
Configure your switch to use Private VLANS (PVLANS). PVLANS basically say that physical ports Gi1/1 - 47 can only talk to physical port Gi1/48 (where your gateway is). Even things on the same subnet must go through the gateway to talk. In a setup with N hosts there is generally no reason for the hosts to talk so a PVLAN config is optimal for security.
ARP (or anything for that matter) that originates from a host can simply not reach the other hosts.
Some of the solutions I can think of are:
If you know the antagonist, catch hold of them and try to know why they are doing this and maybe block them. That is one of the best way to stop the attack. Else,
If the network is small, you can use static IP addresses and static ARP tables. " arp -s" command will be useful in that case on your linux machine.
It seems Cisco have a solution in one of their products. It performs ARP inspection and drops strange ARP responses.
In one of the question on this forum I read Huawei also have some patents for ARP poisoning, though I am not able to find the link to it.
If people who are attacked, put in a static arp entry for the router gateway, they would not be able to be poisoned to goto the attackers machine instead as most of these programs do.
It does however require that they do that manually.
There is no other way unless you have hardware to help you out.
antidotewhich can alert you if you are being attacked.