По поводу будущего ;)
Можно следить за тем, какой MAC какой IP использует. Т.е. следить за сопоставлением IP<=>MAC.Вот что есть: /usr/ports/net-mgmt/arpwatch
This directory contains source code for arpwatch and arpsnmp, tools
that monitors ethernet activity and maintain a database of ethernet/ip
address pairings. It also reports certain changes via email.
Или вот ещё: http://www-user.tu-chemnitz.de/~ensc/ip-sentinel/
This program tries to prevent unauthorized usage of IPs within the local ethernet broadcastdomain by giving an answer to ARP-requests. After receiving such a faked reply, the requesting party stores the told MAC in its ARP-table and will send future packets to this MAC. Because this MAC is invalid, the host with the invalid IP can not be reached.