This is little patch for ipguard, to little change default option in
reply is-at after sending fake reply for requested ip by pirate, and for requesting from legal user to pirate, when pirate ip is not lised in ethers file. 
To apply this patch, copy him to ipguard source directory and execute "patch -p1 < broadcast-headshot.patch".


Like this (this is default action)

00:a0:c9:45:bb:0b 00:02:b3:46:5c:51 0806 60: arp who-has 192.168.1.2 tell 192.168.1.1
00:02:b3:46:5c:51 00:a0:c9:45:bb:0b 0806 60: arp reply 192.168.1.2 is-at 00:02:b3:46:5c:51
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.1 is-at de:ad:ab:81:67:4d

Last reply is headshot for pirate, in default he's unicast (for pirate
only) and  headshot for this ip is-at reply will contain always fake
mac like this de:ad:xx:xx:xx:xx

With this patch, ipguard will be like ip-sentinel in this action.

Like this (with patch and mac for 192.168.1.1 is not present in ethers)

00:a0:c9:45:bb:0b 00:02:b3:46:5c:51 0806 60: arp who-has 192.168.1.2 tell 192.168.1.1
00:02:b3:46:5c:51 00:a0:c9:45:bb:0b 0806 60: arp reply 192.168.1.2 is-at 00:02:b3:46:5c:51
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d ff:ff:ff:ff:ff:ff 0806 42: arp reply 192.168.1.1 is-at de:ad:ab:81:67:4d

Last is-at reply will send broadcast type to poison all arp caches for
this pirate ip with fake mac.

And if this ip 192.168.1.1 is present in the ethers file with for
example mac 00:0f:3d:34:8f:d0, the is-at reply will be contain this
mac from ethers file, like this

00:a0:c9:45:bb:0b 00:02:b3:46:5c:51 0806 60: arp who-has 192.168.1.2 tell 192.168.1.1
00:02:b3:46:5c:51 00:a0:c9:45:bb:0b 0806 60: arp reply 192.168.1.2 is-at 00:02:b3:46:5c:51
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
00:0f:3d:34:8f:d0 ff:ff:ff:ff:ff:ff 0806 42: arp reply 192.168.1.1 is-at 00:0f:3d:34:8f:d0

When legal user is requesting pirate ip (if this ip is not listed in ethers), then in default action ipguard send fake reply to legal user

Like this

00:a0:c9:45:bb:0b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.1.2 tell 192.168.1.1
00:02:b3:46:5c:51 00:a0:c9:45:bb:0b 0806 60: arp reply 192.168.1.2 is-at 00:02:b3:46:5c:51
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d

With this patch, after fake reply, ipguard send one more broadcast reply with fake mac for pirate ip

Like this 

00:a0:c9:45:bb:0b ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.1.2 tell 192.168.1.1
00:02:b3:46:5c:51 00:a0:c9:45:bb:0b 0806 60: arp reply 192.168.1.2 is-at 00:02:b3:46:5c:51
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d 00:a0:c9:45:bb:0b 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d
de:ad:ab:81:67:4d ff:ff:ff:ff:ff:ff 0806 42: arp reply 192.168.1.2 is-at de:ad:ab:81:67:4d


But this patch is not been tested with -z option, this patch is
present "as is" and the author does not bear responsibility for
possible consequences of applying this patch. You use it at your own
risk.

