How do I protect myself from ARP spoofing as a client?

Question

Network topology:

Public AP <-WiFi-> Raspberry Pi (NAT #1) <-Ethernet-> WiFi AP (NAT #2) <-WiFi-> Clients

Situation: I'm connecting to a dormitory access point that's shared with a lot of other people. When the going gets tough, I do an ARP-spoof attack on the network using an Android app called "NetCut", or wifikill/netcut on Linux.

Lately, I've noticed someone else has apparently learned how to do such an attack.

As a client, with no access to the router (but root access on my own Linux machine), how do I circumvent an ARP spoof done by someone greedy?

---

Possible (but not applicable) duplicates:

• Admin access to router: How to figure out that someone is ARP spoofing me and what to do against it?
• This admin has full access to their router: arp spoofing protection on LAN
• Possibly outdated information: How to tell if you're being ARP poisoned?
• Does not seem applicable: How should this system be protected from ARP spoofing?
• Describes attack, not defense: Arp Spoofing Causing Dropped Connections
• Describes attack, not defense: ARP poisoning attack consequences
• Windows: How to prevent an arp poisoning attack (from the client's POV)

Answer 1

You could disable ARP completely: (assuming your network device is eth0) ip link set dev eth0 arp off Then, you will need to manually add static ARP entities to any host you want to talk to using the arp command.

However, the attacker could still spoof your address, such that the gateway or other hosts thinks that the attacker is you.