>> IPv6 doesn't have this problem, as the MAC addresses are included in the last 64 bits of the IPv6-address.
Cool, i didn't know that.
>>Is there a good solution to this problem?
Not that i know of. MAC addresses can change so they can't really be bound to a port. So long as there is a mechanism to update the MAC adresses there will be a way to abuse that mechanism. I suppose you could go super extreme and have encrypted authentication by a user with update privaleges and only allow them to touch the ARP Cache or something like that. But then new computers on the network need to be manually added by a user with the authority.
Cool article and program btw, Ill add that link to my OP.