VMware Cloud Community
hpnnwm
Contributor

bogus dhcp

Hi,

I use VMware vSphere ESXi 6.7 on my server.

But we have a serious problem right now. One of our VMs (possibly because of malware) sends bogus DHCP discover messages.

Unfortunately, as we have over 120 VMs on that server, we can't check them one by one. On the other hand, the datacenter sends us abuse messages and warnings continuously.

For instance, this is one of our abuse messages:

bogus dhcp

*  934  5e35.a83c.cd1a  dynamic  Yes          0  Gi9/38

DHCP discover sent      - Client MAC: 00:00:11:22:33:49

DHCP offer received      - Offered IP: 192.168.30.16

We have no VM which matches the above information (neither IP nor MAC). So it seems the VM (or whatever is inside it) changes its MAC address or uses a virtual NIC to communicate with the datacenter network.

Anyhow, the solution which the datacenter suggests is blocking DHCP on the primary firewall.

So the question is: how can I block DHCP on the ESXi firewall?

Or if there is another solution to this problem, please share it!

We are desperately looking for your help.

0 Kudos
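Added example (not part of the original post, and not VMware code): a triage helper for DHCP discover frames captured on the host side, which reports the Ethernet source MAC and the DHCP `chaddr` field separately and looks both up in a VM MAC inventory. It assumes the first line of the abuse notice is a switch MAC-table entry (the source address learned on the port) and that "Client MAC" is the `chaddr` field in the DHCP payload; the inventory, the function names and the sample frame builder are hypothetical.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_dhcp_client_frame(frame):
    """Return (eth_src, chaddr, msg_type) for an untagged IPv4 DHCP client frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                               # not IPv4/UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (68, 67):
        return None                               # not client -> server DHCP
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return None
    opts, i, msg_type = bootp[240:], 0, None
    while i + 1 < len(opts) and opts[i] != 255:   # walk TLV options until END
        if opts[i] == 0:                          # pad byte carries no length
            i += 1
            continue
        if opts[i] == 53 and opts[i + 1] == 1 and i + 2 < len(opts):
            msg_type = opts[i + 2]                # option 53: DHCP message type
        i += 2 + opts[i + 1]
    return mac(frame[6:12]), mac(bootp[28:34]), msg_type

def triage(frame, inventory):
    """Map a DHCPDISCOVER to a VM via Ethernet source MAC first, then chaddr."""
    parsed = parse_dhcp_client_frame(frame)
    if parsed is None or parsed[2] != 1:          # 1 = DHCPDISCOVER
        return None
    eth_src, chaddr, _ = parsed
    return {"eth_src": eth_src, "chaddr": chaddr,
            "chaddr_mismatch": eth_src != chaddr,
            "vm": inventory.get(eth_src) or inventory.get(chaddr)}

def sample_discover(eth_src, chaddr):
    """Constructed test input: a minimal broadcast DHCPDISCOVER frame."""
    bootp = struct.pack("!BBBBIHH16x16s192x", 1, 1, 6, 0, 0x1234, 0, 0x8000, chaddr)
    bootp += DHCP_MAGIC + b"\x35\x01\x01\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp
```

A result with `chaddr_mismatch` set and `vm` empty means neither address is in the inventory, so the frame has to be attributed by where it was captured rather than by MAC.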
1 Reply
hpnnwm
Contributor

Can anyone please help me?

0 Kudos