> Yeah - I see now how this could be some sort of DoS attack.
> 
> And yes, you are correct - we certainly shouldn't be doing
> proxy arp unless told to do so.  For any given interface, 
> we should only respond to ARP requests for our IP address(es)
> on _that_ interface.

Yes. Thats what the code in sys/netinet/if_arp.c:in_arpinput() ensures (or
at least, tries to). Furthermore, I can't see how you could enter, at least
from the command line, an arp entry for 127.0.0.1 ... normally.

Did the machine in question _ever_ (since reboot) have 127.0.0.1 assigned
to the Ethernet interface?

	-is