I did a scanning with Nmap as the parament below:
root@attacker# nmap -sS -P0 myserver.com
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-20 15:02 ICT
Interesting ports on 203.153.167.169.sta.isp-thailand.com (203.153.167.169):
Not shown: 1692 filtered ports
PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain
80/tcp open http
443/tcp closed https
1935/tcp open rtmp
MAC Address: 00:50:56:81:1C:90 (VMWare)
Is there any way to prevent VM expose the red info above?
The mac address that vmware products assign to virtual machines are always in ranges that VMware own to avoid conflicts with other vendors. When you\re using bridging (or esx) these mac addresses will be visible on the local network. It is however possible to change the mac address[/url] from inside the VM, but atleast on esx this can be prevented by the product, because allowing VMs to use fake mac addresses might also have some (security) implications.
Lars
Within the guest operating system, you can change the MAC address to a desired value that doesn't begin with the prefix "00:50:"
What is the guest OS? If I know this, I can provide some additional assistance.
My concern is I want to remove VMWare label not to change the MAC.
nmap is putting the VMware label label based on the MAC address. Each vendor for NICs has specific ranges and VMware is no different. Here's a list of ranges / vendors that you can refer to - http://standards.ieee.org/regauth/oui/oui.txt. If you change the MAC in the OS to something out of the VMware ranges - for example to start with 00-05-68, then nmap would check it's mac-prefixes database and come up with another vendor.
Or see the link I provided above as it contains info on changing mac on
windows, linux and bsd.
Lars
Just to illustrate, below is the result of an nmap scan on a test VM, using the VMware-generated MAC address:
########
$ sudo nmap -sS -P0 192.168.15.237
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-10-21 09:56 MDT
Interesting ports on 192.168.15.237:
Not shown: 1677 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:50:56:A1:50:34 (VMWare)
########
And, here is the result after I changed the 00:50.. to 00:15.. within the guest OS:
########
$ sudo nmap -sS -P0 192.168.15.237
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-10-21 09:57 MDT
Interesting ports on 192.168.15.237:
Not shown: 1677 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:15:56:A1:50:34 (Sagem SA)