Security Basics mailing list archives

possible arp spoofing


From: greg gede <mymilis2000 () yahoo com>
Date: Wed, 5 Nov 2003 18:06:53 -0800 (PST)

I've got a bunch of email from arpwatch telling me that there are
flip flops and changing ethernet addresses. Does this mean there's ARP
spoofing going on in my network? How do I stop this? These users also
reported that their operating system told them on their screen that
there's another machine using the same IP# as theirs, and their
connection to the network was also disconnected.

I notice that most of the MAC address flip flops are using the same
MAC address, which is 0:c0:26:2b:d0:1d.

Here's the arpwatch email sample:

1.
            hostname: CAHYADI
          ip address: 192.168.5.44
    ethernet address: 0:80:48:1e:27:32
     ethernet vendor: Compex, used by Commodore and DEC at least
old ethernet address: 0:c0:26:2b:d0:1d
 old ethernet vendor: <unknown>
           timestamp: Monday, November 3, 2003 14:21:06 +0700
  previous timestamp: Monday, November 3, 2003 14:13:56 +0700
               delta: 7 minutes

2.
            hostname: DENY
          ip address: 192.168.5.105
    ethernet address: 0:2:b3:17:81:33
     ethernet vendor: <unknown>
old ethernet address: 0:c0:26:2b:d0:1d
 old ethernet vendor: <unknown>
           timestamp: Monday, November 3, 2003 14:16:22 +0700
  previous timestamp: Monday, November 3, 2003 14:15:22 +0700
               delta: 1 minute

There are many more... please help...

regards,
gregor
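
One way to triage a batch of reports like these, as an added example that is not part of the original post: parse the arpwatch mail bodies, including mail-wrapped lines, and list any MAC that appears (as current or old address) against more than one IP. The sample input is constructed from the two reports quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: fields from the two reports in the post, mail wrapping kept.
SAMPLE = """\
hostname: CAHYADI
          ip address: 192.168.5.44
    ethernet address: 0:80:48:1e:27:32
old ethernet address: 0:c0:26:2b:d0:1d
           timestamp: Monday, November 3, 2003
14:21:06 +0700

2.
hostname: DENY
          ip address: 192.168.5.105
    ethernet address: 0:2:b3:17:81:33
old ethernet address: 0:c0:26:2b:d0:1d
"""

FIELD = re.compile(r"^\s*(hostname|ip address|(?:old )?ethernet (?:address|vendor)"
                   r"|(?:previous )?timestamp|delta):\s*(.*)$")

def norm_mac(mac):  # arpwatch drops leading zeros (0:c0:...); pad each octet
    return ":".join(p.zfill(2) for p in mac.lower().split(":"))

def parse_reports(text):
    reports, last = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and (m.group(1) == "hostname" or reports):
            if m.group(1) == "hostname":
                reports.append({})                    # each report starts here
            last = m.group(1)
            reports[-1][last] = m.group(2).strip()
        elif last and line.strip():
            reports[-1][last] += " " + line.strip()   # mail-wrapped continuation
        else:
            last = None                               # blank or stray line ends a field
    return reports

def macs_claiming_many_ips(reports):
    seen = defaultdict(set)
    for r in reports:
        for key in ("ethernet address", "old ethernet address"):
            if key in r and "ip address" in r:
                seen[norm_mac(r[key])].add(r["ip address"])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    print(macs_claiming_many_ips(parse_reports(SAMPLE)))
```

A MAC listed against several IPs is the one to trace to a switch port; the reports alone do not say whether it is a spoofing host or a misconfigured device.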



