Is there any way to identify the address of a device that performs arp spoofing and dropping traffic for such device with a firewall filter in ROS?

In the absense of this would it be possible to add something such as arpwatch (http://en.wikipedia.org/wiki/Arpwatch) to ROS to enable one to add such addresses to an address list which one can then filter?

Although the feature will still be usefull I solved my problem as detailed in the following post:

http://forum.mikrotik.com/viewtopic.php?f=2&t=30182

ARPWatch is strongly needeed Mikrotik feature for our ISP network.
Where to vote???

+1. It happens at least once a year here. Would be a very good feature to have

+1, arpwatch really need on ROS.