I've seen this on wired networks as well.
The real issue is an underlying flaw in the BSD stack when a device is set to promiscuous mode.
In Open Transport (Mentat/TCP), each client of a network device (Data Link Provider) registers or binds with that device to indicate which packets it wants to receive. The Local IP stack should only want to see IP packets addressed to an IP interface, but the BSD stack has no such concept, so when a device is set to promiscuous mode for some other tool, the resident TCP/IP stack sees everything and responds according to its rules by forwarding packets that are not addressed to it, sending ICMP redirects, TCP Resets, etc.
A possible workaround is to configure ipfw to reject IP datagrams that are not addressed to a local IP interface.
- Peter Sichel
www.sustworks.com
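One way to express the ipfw workaround described in the post above, as an added example that is not part of the original post. The rule numbers, the `APPLY` switch and the sample broadcast address in the usage note are assumptions; broadcast and multicast destinations are allowed explicitly so that they pass regardless of how `me` treats them.

```shell
#!/bin/sh
# Added example, not from the original post: build an ipfw rule list that
# drops inbound IP datagrams whose destination is not a local address, so the
# resident stack never answers traffic it only saw because the interface is
# in promiscuous mode. Rule numbers (1000+) are arbitrary assumptions.

# build_rules [SUBNET_BROADCAST...]
# Prints one "ipfw add" command per line; nothing is changed on the host.
build_rules() {
    n=1000
    # Limited broadcast, multicast and any subnet broadcast addresses passed
    # as arguments are allowed first (DHCP, mDNS and similar keep working).
    for dst in 255.255.255.255 224.0.0.0/4 "$@"; do
        echo "ipfw -q add $n allow ip from any to $dst in"
        n=$((n + 10))
    done
    # "me" matches any IP address configured on a local interface.
    echo "ipfw -q add $n allow ip from any to me in"
    n=$((n + 10))
    # Everything else arriving inbound was not addressed to this host.
    echo "ipfw -q add $n deny ip from any to any in"
}

# Dry run by default: print the rules for review.
# Set APPLY=1 (and run as root) to load them into the running firewall.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules "$@" | sh
else
    build_rules "$@"
fi
```

Run it with the subnet broadcast address as an argument, for example `192.168.1.255`, and review the printed rules before applying them. A host that is meant to forward traffic for others would not use this rule set, since it drops exactly the datagrams a router passes on.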