6 Replies Latest reply on Jul 2, 2018 1:52 AM by Finikiez

    NSX 6.4 \ Possible DHCP DOS attack seen on the host

    Finikiez Master
    vExpert

      Hi everybody,

       

      I have NSX 6.4 with several vxlans and a software router between them (not an ESX Edge) without a route to an external network.

      Since I've migrated everything from NSX 6.3 to NSX 6.4, I've got warnings with the following text:

      "Possible DHCP DOS attack seen on the host. Please refer to NSX Manager and VM Kernel logs for details."

      In NSX Manager's System Events I see messages like:

      Event DHCP_STARV occurred 2400 times on host <hostname>

       

      The vmkernel log refers to the MAC address of the software router:

      2018-04-06T15:19:03.404Z cpu4:1167695)WARNING: dvfilter-switch-security.throt: SwSecDhcpSnoopTx:600: nic-1167694-eth2-dvfilter-generic-vmware-swsec.1: Possible DHCP DosAttack on port 50331681(13724) 1 times from Mac :

       

       

      I couldn't find anything related to this new feature of NSX.

      Is this something I should worry about? Or are these false alarms?