VMware Cloud Community
erbailey
Contributor

MASKING VMWARE

I was wondering if it were possible to totally mask the existence of VMWARE on a network.

For example, I have a Dell Laptop that has an XP load on it. Let's say that I wanted to make an exact clone of that machine, give it Bridged networking so it picks up its own IP from my network. It reports though, that the system vendor is VMWARE etc. as well as a few other settings. I want to be able to have the VM show up as if it were a brand new machine. Is this possible?

Any help would be greatly appreciated.

0 Kudos
10 Replies
Dave_Mishchenko
Immortal

Your post has been moved to the Security and Compliance forum

Dave Mishchenko

VMware Communities User Moderator

0 Kudos
oreeh
Immortal

This is not possible.

VMware uses its own MAC address range. Even if you change the MAC, the VM itself is still detectable as a VM.

0 Kudos
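oreeh's point about VMware's MAC range, seen from the inventory side, as an added example that is not part of the thread: it tags ARP-table entries whose OUI is registered to VMware and flags locally administered addresses. The sample ARP lines are constructed and the function names are illustrative.

```python
import re

# OUIs registered to VMware, Inc. (IEEE registry).
VMWARE_OUIS = {"000569", "000C29", "001C14", "005056"}

# MAC in colon/dash notation, or Cisco-style dotted groups of four hex digits.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
                    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: Windows, Linux and Cisco ARP-table lines.
SAMPLE = """\
Interface: 192.168.1.5 --- 0x4
  192.168.1.20          00-0c-29-3e-5a-11     dynamic
  192.168.1.22          02-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
? (192.168.1.21) at 00:50:56:aa:bb:cc [ether] on eth0
Internet  192.168.1.23   4   f0de.f1a2.b3c4  ARPA  Vlan10
"""

def classify(line):
    """Return (ip, mac, verdict) for one ARP line, or None if it has no host MAC."""
    m = MAC_RE.search(line)
    if not m:
        return None
    mac = re.sub(r"[^0-9A-Fa-f]", "", m.group()).upper()
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:      # broadcast/multicast, not a single host
        return None
    ip = IP_RE.search(line)
    if mac[:6] in VMWARE_OUIS:
        verdict = "vmware-oui"
    elif first_octet & 0x02:    # locally administered: set in software, not burned in
        verdict = "locally-administered"
    else:
        verdict = "other"
    return (ip.group() if ip else None, mac, verdict)

def scan(text):
    """Classify every host entry found in ARP-table text."""
    return [row for row in map(classify, text.splitlines()) if row]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(*row)
```

As the replies in this thread point out, a verdict other than `vmware-oui` does not show that a machine is physical; the MAC is only the first indicator.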
erbailey
Contributor

I see,

I wasn't sure... thought I would ask the experts. I was able to work around this using a script that changes the registry keys... however this isn't the solution to a long term plan.

Thank you for your input.

0 Kudos
continuum
Immortal

You at least need to fake a different MAC - that will be the first thing someone may scan for.


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

0 Kudos
erbailey
Contributor

I am not worried about the MAC, only where it reports system vendor (IE: DELL INC HKLM\Software\DELL Computers\Sysinfo)

0 Kudos
continuum
Immortal

Oh dear - if you want to hide the existence of a VM and the person scanning your network can access remote-registry there is no chance.

There are lots of keys that are indicative of VMs.


0 Kudos
oreeh
Immortal

And even if the registry isn't remotely accessible you are out of luck - unless the "attacker" is a script kiddie of course.

0 Kudos
erbailey
Contributor

Ha!

I think I presented my question all wrong. I am not trying to get something past the Network Administrator, (God No! I Love my job) I am trying to replicate or rather double the resources allocated for a particular task. VMWARE allows me to do this and worked great up until about a week ago when the issue was brought up that the VMs were not getting updated properly...

This is because the server that updates looks for a couple registry keys and as of yet I don't know what exactly it was looking for... (that is my next stop)

I hate editing the registry to fix something, especially if there is a more stable, permanent work around available. So that is why I wondered if vmware was able to just clone the registry of the host I guess...? Adapt all the settings. Am I making sense or do I sound weird?

0 Kudos
continuum
Immortal

> So that is why I wondered if vmware was able to just clone the registry of the host I guess...? Adapt all the settings. Am I making sense or do I sound weird?

Sounds weird - a guest using the registry of its host would simply bluescreen.


0 Kudos
Texiwill
Leadership

Hello,

> I think I presented my question all wrong. I am not trying to get something past the Network Administrator, (God No! I Love my job) I am trying to replicate or rather double the resources allocated for a particular task. VMWARE allows me to do this and worked great up until about a week ago when the issue was brought up that the VMs were not getting updated properly...

Most of the answers were around the methods one can scan to see if a VM is in use. A hacker/cracker would use those.

> This is because the server that updates looks for a couple registry keys and as of yet I don't know what exactly it was looking for... (that is my next stop)

If you have an exact clone it may not work as the registry is cloned as well. Your keys are duplicates of an existing machine and the update software may not know how to deal with that. I would remove and add the update agents back in, that should fix the problem. You are in essence placing a new system on the network so all that the network team requires regarding this should also take place.

> I hate editing the registry to fix something, especially if there is a more stable, permanent work around available. So that is why I wondered if vmware was able to just clone the registry of the host I guess...? Adapt all the settings. Am I making sense or do I sound weird?

The VM has no access to the host unless vmhgfs is in use, and that is a major security hole so most people do not add that; even so, they would not be able to access the registry of the host. No, you should reinstall the update code and hopefully it will do the proper thing.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos