ejward
Expert

Server 2008 sees all physical NICs on host !!!!

I've just started using Server 2008 VMs on ESX v3.5. We use BGInfo on our servers to display IP address, MAC address, etc. on our backgrounds. On Server 2008, BGInfo shows the MAC address of all the physical NICs in the ESX host !!! See attached screenshot. This is reproducible with every Server 2008 VM I create on any host I put it on.

Does anybody else see this? Does anybody else see this as a huge gaping security hole? Isn't the point of VMware to NOT be able to see this stuff?

0 Kudos
28 Replies
dominic7
Virtuoso

What output do you get from

"netsh interface dump"

?

0 Kudos
ejward
Expert

A netsh show interface only shows a single NIC.

0 Kudos
Draconis
Enthusiast

Strange he gets duplicate mac addresses. Not sure if that is normal for BGInfo.

If you have found my answer helpful or correct, please consider awarding points.
0 Kudos
Dave_Mishchenko
Immortal

Are you running a recent version of BGInfo? - http://forum.sysinternals.com/printer_friendly_posts.asp?TID=9059

Are all the MAC addresses listed related to the VM or host?

0 Kudos
ejward
Expert

Only one MAC address is related to the VM. The rest are on the ESX host.

I'm not sure of the version of BG Info but, does that really matter? The VM shouldn't be able to see physical hardware that's not assigned to it, right? I opened a ticket with VMware. If I don't hear back from them soon, I'll snapshot this VM then try the new version.

0 Kudos
mittim12
Immortal

I came across this thread last night and figured I would test it out and see if we received the same results. Using BGInfo v4.9 on a Windows 2008 Server does indeed show all MAC addresses associated with that ESX host for us as well. I will keep playing with it and will update the thread if I have any new information.

0 Kudos
ejward
Expert

> I came across this thread last night and figured I would test it out and see if we received the same results. Using BGInfo v4.9 on a Windows 2008 Server does indeed show all MAC addresses associated with that ESX host for us as well. I will keep playing with it and will update the thread if I have any new information.

You would think that VMware technical support could take just 10 minutes and try it themselves rather than bombarding me with questions.....

I wonder what would happen if I did it on a server that didn't have one of the newer CPUs that is virtualization aware. The reason I say this is because Server 2008 has virtualization "hooks" built into it. It was designed to run virtual almost from the beginning. On Microsoft's virtualization platform but, virtual nonetheless. I wonder if that has something to do with it?

0 Kudos
Draconis
Enthusiast

I believe Windows 2008 is still in the Experimental Support phase (Page 31). That is only for Virtual SMP though.

0 Kudos
ejward
Expert

Generally, VMware will tell you as you are creating a VM that something is experimental. For 3.0, it did say "Experimental" for Server 2008. In 3.5, I don't see experimental anywhere. Even if it is still experimental for SMP, this is a single CPU VM.

Also, tech support should have told me if it was experimental right away. This is just my opinion though.

0 Kudos
wila
Immortal

Regardless of the OS you used, the vmware tools used, the BGInfo used... if this is possible then there IS a HUGE GAPING security issue.

I assume your administrative network is in its own isolated LAN? (Security Best practices, it would mitigate this hole, but it shouldn't be possible either way)

--

Wil

Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player
More info at vimalin.com | Twitter @wilva
0 Kudos
Jeffy210
Contributor

Have you tried using a program like Process Monitor to see what it happens to be accessing at the time it creates the background? That may help at least lead to what is exposing the underlying physical hardware. I may try that today if I have some time.

0 Kudos
hphuhtin
Enthusiast

Those MAC addresses may be visible on the network, so it is possible to get them without breaking security.

Do you still see the macs if you disconnect the virtual NIC and reboot the server?

edit: typo

0 Kudos
ejward
Expert

> Those MAC addresses may be visible on the network, so it is possible to get them without breaking security.
>
> Do you still see the macs if you disconnect the virtual NIC and reboot the server?
>
> edit: typo

I deleted the network from this VM, rebooted, and I get the same thing.

0 Kudos
spex
Expert

Did you verify that the MAC addresses come from the NICs within your ESX server - do they match?

There are many default adapters in Windows 2008 (WAN miniport, RAS async, ...) that have a MAC address from the beginning.

Regards

Spex

ejward
Expert

> Did you verify that the MAC addresses come from the NICs within your ESX server - do they match?
>
> There are many default adapters in Windows 2008 (WAN miniport, RAS async, ...) that have a MAC address from the beginning.
>
> Regards
>
> Spex

Really? I didn't see this on physical servers we set up with 2008. I'll have to check.

0 Kudos
ejward
Expert

Anybody know how I get the MAC addresses of the physical NICs? esxcfg-nics -l doesn't show it.

0 Kudos
espi3030
Expert

To get MAC addresses from service console try ifconfig.

0 Kudos
spex
Expert

ifconfig is enough.

Regards

Spex

0 Kudos
ejward
Expert

Those MAC addresses are NOT coming from the physical host. I'm going to VMotion the VM to another host and see if they change.

0 Kudos