VMware Cloud Community
fduranti
Hot Shot

Question about SpoofGuard and multiple IP

Hi, I have some Linux machines that historically have had interface aliases configured, so I have eth0 plus eth0:1 and eth0:2 configured with different IP addresses.

When doing the initial approval of IP addresses in SpoofGuard, I saw that those aliases do not appear on the interface, so I think they will not work.

Is this normal, or is there some way to "approve" multiple addresses on a single physical interface?

I'm using vShield App 5.1.2a

4 Replies
MKguy
Virtuoso

The SpoofGuard feature seems pretty dumb to me, to be blunt. It seems to rely on what VMware Tools report and shuts down the port if it detects a different IP bound on the NIC. It can be easily bypassed by simply not binding the other IP to an interface; for example, SpoofGuard will not block generated packets from "hping2 --spoof ba.d.i.p".

"When doing the initial approval of IP addresses in SpoofGuard, I saw that those aliases do not appear on the interface, so I think they will not work."

I haven't tested it myself, but if it doesn't detect your interface aliases as new IPs, then I assume it won't see any reason to block anything and it will just work "out of the box". Whether this behavior is really intended or satisfactory is another question.

-- http://alpacapowered.wordpress.com
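The original question and the reply above both turn on the same gap: the guest has several IPv4 addresses on one vNIC (the old eth0:1 / eth0:2 aliases), while the approval is per interface. The following script is an added example, not code from the thread or from VMware. It inventories every IPv4 address bound to a guest NIC, including alias labels, and reports which of them are missing from an approved list, which is the quickest way to see what a single-IP approval would leave uncovered on the guest side (it says nothing about what vShield itself sees). The function names are this example's own, and the `ip -4 -o addr show` output is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread or from VMware): inventory every IPv4
# address bound to a guest NIC, including classic "eth0:1" alias labels,
# and report which of them are not on an approved list. Function names
# and sample data are this example's own.

# Constructed sample of `ip -4 -o addr show dev eth0` on a guest whose
# aliases were created with `ip addr add 192.0.2.11/24 dev eth0 label eth0:1`
# (and likewise for eth0:2). Made-up data; replace with live output.
SAMPLE_IP_OUTPUT='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.11/24 brd 192.0.2.255 scope global secondary eth0:1\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.12/24 brd 192.0.2.255 scope global secondary eth0:2\       valid_lft forever preferred_lft forever'

# bound_ipv4 <ip -o output>: print "address label" for each bound address.
# With -o, `ip` places the label just before the "\" that joins the lifetime
# fields onto the same line, so the label is the field ending in a backslash.
bound_ipv4() {
    printf '%s\n' "$1" | awk '$3 == "inet" {
        addr = $4; sub(/\/.*/, "", addr)       # drop the prefix length
        label = $2                            # default: the device itself
        for (i = 5; i <= NF; i++)
            if ($i ~ /\\$/) { label = $i; sub(/\\$/, "", label) }
        print addr, label
    }'
}

# unapproved_ipv4 "<space-separated approved IPs>" <ip -o output>:
# print the bound addresses that are not in the approved set.
unapproved_ipv4() {
    approved="$1"
    bound_ipv4 "$2" | while read -r addr label; do
        case " $approved " in
            *" $addr "*) ;;                          # approved, nothing to report
            *) printf '%s %s\n' "$addr" "$label" ;;  # bound but not approved
        esac
    done
}

# On a live guest: unapproved_ipv4 "192.0.2.10" "$(ip -4 -o addr show dev eth0)"
echo "Bound IPv4 addresses on eth0 (sample):"
bound_ipv4 "$SAMPLE_IP_OUTPUT"
echo "Not covered if only 192.0.2.10 is approved:"
unapproved_ipv4 "192.0.2.10" "$SAMPLE_IP_OUTPUT"
```

The script parses the `-o` (one line per address) form deliberately: the multi-line default output and the old `ifconfig` listing, which shows each alias as a separate pseudo-interface, are both harder to diff against an approved list. Run it before and after approving addresses so the guest-side inventory and the approval list can be compared line by line.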
p_sudheer
Contributor

Hi, does SpoofGuard in vShield 5.5 support approval of IP address aliases (eth0:1, eth0:2), so that traffic from the alias IP addresses is allowed as well?

yonish
Contributor

Hello,

It seems not to be possible to set (approve) more than one IP for one MAC.

In NSX it is possible.

virtech
Expert

I agree there are some serious limitations of SpoofGuard in vCNS; it is not possible to approve secondary addresses.
