Server 2008 sees all physical NICs on host !!!!
I've just started using Server 2008 VMs on ESX v3.5. We use BGInfo on our servers to display IP address, MAC address, etc. on our backgrounds. On Server 2008, BGInfo shows the MAC address of all the physical NICs in the ESX host !!! See attached screenshot. This is reproducible with every Server 2008 VM I create on any host I put it on.
Does anybody else see this? Does anybody else see this as a huge gaping security hole? Isn't the point of VMware to NOT be able to see this stuff?
What output do you get from "netsh interface dump"?
A netsh show interface only shows a single NIC.
Strange that he gets duplicate MAC addresses. Not sure if that is normal for BGInfo.
Are you running a recent version of BGInfo? - http://forum.sysinternals.com/printer_friendly_posts.asp?TID=9059
Are all the MAC addresses listed related to the VM or host?
Only one MAC address is related to the VM. The rest are on the ESX host.
I'm not sure of the version of BGInfo, but does that really matter? The VM shouldn't be able to see physical hardware that's not assigned to it, right? I opened a ticket with VMware. If I don't hear back from them soon, I'll snapshot this VM then try the new version.
I came across this thread last night and figured I would test it out and see if we received the same results. Using BGInfo v4.9 on a Windows 2008 Server does indeed show all MAC addresses associated with that ESX host for us as well. I will keep playing with it and will update the thread if I have any new information.
You would think that VMware technical support could take just 10 minutes and try it themselves rather than bombarding me with questions.....
I wonder what would happen if I did it on a server that didn't have one of the newer CPUs that is virtualization aware. The reason I say this is because Server 2008 has virtualization "hooks" built into it. It was designed to run virtual almost from the beginning. On Microsoft's virtualization platform, but virtual nonetheless. I wonder if that has something to do with it?
Generally, VMware will tell you as you are creating a VM that something is experimental. For 3.0, it did say "Experimental" for Server 2008. In 3.5, I don't see experimental anywhere. Even if it is still experimental for SMP, this is a single CPU VM.
Also, tech support should have told me if it was experimental right away. This is just my opinion though.
Regardless of the OS you used, the VMware Tools used, the BGInfo used... if this is possible then there IS a HUGE GAPING security issue.
I assume your administrative network is in its own isolated LAN? (Security Best practices, it would mitigate this hole, but it shouldn't be possible either way)
--
Wil
Those MAC addresses may be visible on the network, so it is possible to get them without breaking security.
Do you still see the MACs if you disconnect the virtual NIC and reboot the server?
edit: typo
I deleted the network from this VM, rebooted, and I get the same thing.
Did you verify that the MAC addresses come from the NICs within your ESX server? Do they match?
There are many default adapters in Windows 2008 (WAN miniport, RAS async, ...) that have a MAC address from the beginning.
Regards
Spex
Really? I didn't see this on physical servers we set up with 2008. I'll have to check.
Anybody know how I get the MAC addresses of the physical NICs? esxcfg-nics -l doesn't show it.
To get MAC addresses from service console try ifconfig.
ifconfig is enough.
Regards
Spex
Those MAC addresses are NOT coming from the physical host. I'm going to VMotion the VM to another host and see if they change.
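The comparison suggested in the thread (do the MACs the guest reports match the host NICs listed by ifconfig on the service console?), written out as an added example that is not part of the original thread. The sample outputs and MAC values are constructed, and the function names are hypothetical.

```python
import re

# A 6-byte MAC with ':' (ifconfig) or '-' (ipconfig /all) separators. The
# lookarounds skip longer strings such as 8-byte tunnel-adapter addresses.
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:-])[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}(?![0-9A-Fa-f:-])"
)

# OUI prefixes registered to VMware; virtual NICs normally carry one of them.
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:1c:14", "00:50:56"}

def extract_macs(text):
    """Return every MAC in text, normalised to lower-case colon form."""
    return {m.group(0).lower().replace("-", ":") for m in MAC_RE.finditer(text)}

def classify_guest_macs(guest_text, host_text):
    """Sort the MACs a guest reports into host NICs, VMware vNICs and the rest."""
    host = extract_macs(host_text)
    report = {"host_nic": [], "vmware_vnic": [], "other": []}
    for mac in sorted(extract_macs(guest_text)):
        if mac in host:
            report["host_nic"].append(mac)      # guest really sees a host MAC
        elif mac[:8] in VMWARE_OUIS:
            report["vmware_vnic"].append(mac)   # the VM's own virtual adapter
        else:
            report["other"].append(mac)         # e.g. Windows software adapters
    return report

# Constructed sample: `ifconfig` output saved from the service console.
HOST_IFCONFIG = """\
vmnic0    Link encap:Ethernet  HWaddr 02:AA:BB:CC:00:01
vmnic1    Link encap:Ethernet  HWaddr 02:AA:BB:CC:00:02
"""

# Constructed sample: `ipconfig /all` lines saved from the Server 2008 guest.
GUEST_IPCONFIG = """\
   Physical Address. . . . . . . . . : 00-50-56-9C-12-34
   Physical Address. . . . . . . . . : 02-DD-EE-FF-00-01
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

if __name__ == "__main__":
    for kind, macs in classify_guest_macs(GUEST_IPCONFIG, HOST_IFCONFIG).items():
        print(f"{kind:12} {', '.join(macs) or '-'}")
```

An empty host_nic list means none of the addresses the guest displays belong to the host's adapters; anything under "other" is an adapter address that is neither a host NIC nor a VMware-assigned vNIC.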