I thought about prevention of ARP-Poisoning and came up with the following ideas:
The question here to me is what you are trying to accomplish. I can see a couple of things resulting from ARP poisoning in the subnet your server is in. I can see others mimicking your web site and tricking visitors this way. I can also see a complete denial of service against your server. One other possibility is that they could mimic your path of administration as well and thereby learn, e.g., your user password from a telnet session across their machine.

One thing you need to be aware of is that measures against ARP poisoning on your host alone won't really help a lot; you need to at least protect the router as well to avoid most problems. Since you probably have no influence on the router, you're left with the following answers to the problems I saw:

1. Pretend web site: This one can be solved by using an SSL server certificate for your WWW server name. It breaks if someone is successful in acquiring a certificate that a visitor of yours will accept.

2. Denial of Service: You need a static ARP entry on the router to prevent this. A rogue host on the same subnet as your host can probably DoS it in a variety of other ways, though. This kind of thing becomes evident very quickly and it is very easy to trace the source of the attack, though, so I don't think the risk is that high. If you're scared of this kind of thing, you need to take the server to a network of your own.

3. Hack the admin: Don't use telnet, FTP or any other clear-text protocols. If using SSH, use Strict Modes and public key authentication in favour of passwords.

Cheers
Tobias
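A host-side check related to the static ARP entry in point 2, as an added example that is not part of the original message: it parses a neighbour table in Linux `/proc/net/arp` format and reports pinned addresses whose MAC differs, pinned addresses that are not static entries, and MACs claimed by more than one IP. The sample table, the `PINNED` map and the function names are constructed for illustration; it only detects and does not replace protecting the router.

```python
from collections import defaultdict

ATF_COM = 0x02   # Linux ARP flag: entry is complete (resolved)
ATF_PERM = 0x04  # Linux ARP flag: entry is permanent (static)

# Constructed sample in /proc/net/arp format (documentation addresses).
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.0.2.10       0x1         0x6         02:00:00:00:00:10     *        eth0
192.0.2.66       0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.0.2.20       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

# Assumed known-good IP -> MAC pairs (router and one peer), constructed values.
PINNED = {"192.0.2.1": "02:00:00:00:00:01", "192.0.2.10": "02:00:00:00:00:10"}

def parse_arp(text):
    """Return resolved entries as dicts; skip the header and incomplete rows."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        flags = int(flags, 16)
        if not flags & ATF_COM:
            continue  # unresolved entry carries no usable MAC
        entries.append({"ip": ip, "mac": mac.lower(),
                        "static": bool(flags & ATF_PERM), "dev": dev})
    return entries

def audit(entries, pinned):
    """Compare entries with the pinned map and look for shared MACs."""
    findings, by_mac = [], defaultdict(list)
    for e in entries:
        by_mac[e["mac"]].append(e["ip"])
        want = pinned.get(e["ip"])
        if want is None:
            continue
        if e["mac"] != want.lower():
            findings.append(("mismatch", e["ip"], e["mac"]))
        elif not e["static"]:
            findings.append(("not-static", e["ip"], e["mac"]))
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one MAC answering for several IPs
            findings.append(("shared-mac", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE), PINNED):
        print(*finding)
```

On a live Linux host the same functions can be fed the contents of `/proc/net/arp` instead of `SAMPLE`.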