Blind spots at other layers and the capabilities of security tools.
Attacks on the data link layer are an attack method that IPS/IDS cannot detect with their rules/signatures. Attacks ranging from Address Resolution Protocol (ARP) cache poisoning of wired clients to de-authentication of wireless clients are easy to exploit because the attack can come from the trusted network.
You can find a good open source solution to detect this attack, such as Scapy.
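The kind of check such a tool performs for the ARP case, as an added example that is not from the original page: it tracks IP-to-MAC bindings in ARP frames and reports an address that changes owner or a sender field that disagrees with the Ethernet header. It parses raw frames with the standard library so it runs without a capture library; `ArpWatch`, `parse_arp`, `build_reply`, `scan` and the sample frames are hypothetical names and constructed data.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip, eth_src) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return _mac(frame[22:28]), _ip(frame[28:32]), _mac(frame[6:12])

class ArpWatch:
    """Tracks IP-to-MAC bindings seen in ARP traffic and reports conflicts."""
    def __init__(self):
        self.bindings = {}  # sender IP -> first MAC observed for it

    def inspect(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        sha, spa, eth_src = parsed
        alerts = []
        if sha != eth_src:  # ARP payload disagrees with the frame header
            alerts.append(f"{spa}: ARP sender {sha} != Ethernet source {eth_src}")
        known = self.bindings.setdefault(spa, sha)
        if known != sha:  # an address already bound to one MAC is now claimed by another
            alerts.append(f"{spa}: binding changed {known} -> {sha}")
        return alerts

def build_reply(sha, spa, tha, tpa, eth_src=None):
    """Build a constructed ARP reply frame (sample input only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    eth = m(tha) + m(eth_src or sha) + b"\x08\x06"
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + m(sha) + i(spa) + m(tha) + i(tpa)

# Constructed sample traffic: documentation addresses, locally administered MACs.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:66"
SAMPLE = [
    build_reply(GW, "192.0.2.1", HOST, "192.0.2.10"),
    build_reply(HOST, "192.0.2.10", GW, "192.0.2.1"),
    build_reply(OTHER, "192.0.2.1", HOST, "192.0.2.10"),  # gateway IP, different MAC
]

def scan(frames):
    watch = ArpWatch()
    return [a for f in frames for a in watch.inspect(f)]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

A binding change is a signal to investigate, not proof of poisoning: a reassigned DHCP lease or a failover pair moving a shared address produces the same alert.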