The ONLY way to really mitigate netcut and programs like it on a hotspot is to build out your layer2 network in such a way that prevents people from being able to use these programs. There is no solution that is built into any router that will solve this for you. If you want to to block it, this means that you MUST invest in the hardware that you install that has the very features that you need and want. This question comes up very often, and the answer is always the same, invest in the layer2 network to prevent it. Get switches that either do VLANs or port isolation, dhcp-snooping, etc. Get access points that do client isolation (turn off default forwarding on MT radios) to prevent clients from talking to each other over the radio. These will put the protection at the edge of the network where it needs to be in order to prevent people from talking to each other directly. In order for a device to prevent traffic from going between hosts, it must first go over that device. Because of this a layer3 device cannot block communication on layer2, one does not need to traverse the router to talk to another host.
Handing out a /32 is very easy to get around, all I do is have to assign myself a static IP and a larger subnet, and then I can scan the network and find the IP/MAC of any machine on the network within my subnet. It also does nothing to prevent a someone from installing their own DHCP server on their machine and handing out leases on the network, or from taking over the MAC and IP of your default gateway causing problems for clients on the network, or any other number of potential intentional or accidental things that end users do with their hardware. At most it is an annoyance to someone that wants to do this, and may prevent a general user from using a program like this, but it offers no real protection at all.