i am not sure of the bridge, but imho, its the only possibility.do you think this can happen very often when somebody bridges their cards accidently? I've never heard such issues before
i cant control users to not to make bridges etc. that is right.if someone from LAN complains, tell him that the reason is that user with bridge - it's not your trouble! why the hell should you answer the malicious actions of other users?
if somebody has stolen your car and knocked down somebody - it's not your problem again =)but the box that is doing arp spoofing is mine,anyways.
arp spoofing box is not an infected workstation, it is the design of hotspot.ooooooooops if its really an ARP poisoning (i wish is is not) only GOD can save you. if suffer a lot by this issue and my entire wisp network become a fish market. but i don't know how i came out with it, i remember i disallow all the wlan interface and allow them one by one only after formating the computer and installing a decent anti-virus in each computer.
then only i was able to was able to make my network stable agian
hope this helps