>But in real life, the spoofing machine would never be requested to respond >to arp anyway, because in real life the spoofer should be on the other side >of your firewall router. If the spoofer and spoofee are on the same ether- >net then there are serious internal problems that go beyond the scope of >firewalls!! But such problems are the stock-in-trade of those of us at Universities.