Well this is my work done for today. Simple explanation of ARP Poisoning and attack vectors. Any problems let me know. I'll be adding further papers very soon.
You should also mention how to prevent it from a user standpoint (like setting static ARP tables, setting port security on a switch, etc.).
Also, I still want someone to explain how one can bypass this in a proxy-ARP environment (where the router responds directly on behalf of the host you wish to initiate communication with).
My knowledge of proxy ARP is limited, but from what I know, if it was bypassable it would make the feature (which is on a lot of Cisco kit) completely redundant, as it's on by default if I remember. The people I know who have had this implemented had endless problems with wrong configs, masks, subnets, etc. It also doesn't necessarily have to be the router set up to respond; it could be the firewall, which would give the ability for a DMZ. That would be one hell of a network.
I'll include protection in a later release as I'm working on another paper at the moment.