Changed bridge MAC to another (not equal to any interface MAC in router) and I get no "arp poison" for 3 days
Added rule to firewall to reject tcp/udp input/forward 53 port and I get no "dns cache poison" for 3 days too =)
Chances are something else is arp poisoning the network then. See if you can find out the MAC address that is doing so in the machine that is generating those logs, and track it down that way. You might be able to check the arp-table of it for the information. Good evening, is it normal if bridge ...
Do you have proxy-arp enabled on any interface? Are you running the hotspot service? Both of those would arp poison a network. NO and NO =( and I have my problem again with wifi clients connected. ESET firewall log (attack detected): 20.11.2011 19:25:53 Обнаружена атака ARP cache poisoning 192.168.66...
What kind of devices are connecting to the wireless? It sounds like a client problem more than anything, I'm not seeing anything weird in the configuration. You can try setting the horizon option in the bridge port. This prevents traffic coming in on one port of the bridge from leaving another port...
Hi :D My English is bad and I am new to Mikrotik products so don't kill me =) 493g+r52Hn, I get IP from ISP via DHCP client, all interfaces in bridge except one connected to ISP: If something is connected by wire as DHCP client then every new wireless connection makes gate unavailable for wired clien...