I encountered massive ARP attacks these days. My Winarpattack gives nonstop warnings that someone is banning my access to the gateway. Luckily, the noob attacker doesn't do sniff stuff but just wants to disconnect me. It gives me a very good chance to do some tests with somebody's willing help. But I can't explain all these strange issues that happened to my computer.

I use PC Tools firewall currently and Firefox with Torbutton. I have done these puzzling tests for some days and got these issues that I can't explain.

I set a rule in PCT fw which blocks all TCP and UDP connections with the attacker's Ethernet address (MAC address). And turned on Winarpattack's protection function. I still get disconnected only if I use Tor to visit sites! Why does Tor survive in this ARP attack?

After that, I noticed in the fw log that the rule I created above blocked my outbound connection with the DNS server, which has the same MAC address as the attacker's PC. Maybe that's why I can't visit sites without Tor? So I modified the rule to give an exception to allow remote port 53 (DNS server port). Then I can surf the net again without Tor. But when he's not attacking me, blocking all the TCP and UDP (including the outbound DNS request) won't hinder me from visiting sites. It means my outbound DNS request has something to do with the ARP attack. Why is that? In a LAN, is one of the PCs usually set as a DNS server? Then why do they have the same MAC address?

I have done more tests which just make me more puzzled. I think I'd better hold on here at the moment.

This thread is only for technical discussion. So let's just stay away from topics like why he wants to attack you.

P.S.
1. Hope my bad English has made my point clear.
2. How I wish to have a firewall that can beat ARP attacks.