vpcではarpスプーフィング対策あり。でも完全ではない？どこがだろう。
仮想ネットワークでは、仮想マシンが発行したarpリクエストはネットワークを流れず、仮想ネットワークのデータベースを検索して、arp応答が返されるのだろう。対策完全な気もする。仮想マシンでarpリクエストを送ったらとどくのかも。

https://blog.hatena.ne.jp/pikesaku/pikesaku.hatenablog.com/edit?utm_source=admin_touch_myblog&utm_medium=referral&utm_campaign=new_entry

Moreover, while address resolution protocol (ARP) packets trigger an authenticated database look-up, ARP packets never hit the network as they are not needed for discovery of the virtual network topology. This means ARP spoofing is highly improbable on the AWS network. Also, promiscuous mode does not reveal any traffic other than traffic bound to and from the customer operating system. Customers can set precise rules for traffic ingress and egress which allow for increased connectivity flexibility, and enable more customer control over traffic segmentation and routing.