(IP/MAC two-way binding can manage ARP attacks, but how to find the source of the attack, nbtscan is the best tool. NBTSCAN can get the real IP address and MAC address of the PC. If there is a "legendary Trojan" doing the trick, you can find the IP/MAC address of the PC with the Trojan installed.)