If you are not using products that make use of the vSphere Network Appliance API (DvFilter), do not configure your host to send network information to a virtual machine. If the vSphere Network Appliance API is enabled, an attacker might attempt to connect a virtual machine to the filter. This connection might provide access to the network of other virtual machines on the host.

About this task

If you are using a product that makes use of this API, verify that the host is configured correctly. See the sections on DvFilter in Developing and Deploying vSphere Solutions, vServices, and ESX Agents. If your host is set up to use the API, make sure that the value of the Net.DVFilterBindIpAddress parameter matches the value used by the product that uses the API.

Procedure

  1. Log in to the vSphere Web Client.
  2. Select the host and click Configure.
  3. Under System, select Advanced System Settings.
  4. Scroll down to Net.DVFilterBindIpAddress and verify that the parameter has an empty value.

    The order of parameters is not strictly alphabetical. Type DVFilter in the Filter field to display all related parameters.

  5. Verify the setting.
    • If you are not using DvFilter settings, make sure that the value is blank.
    • If you are using DvFilter settings, make sure that the value of the parameter matches the value used by the product that uses the DvFilter.
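
The same verification can be scripted from the ESXi command line. The following is an added example, not part of the original procedure: it assumes the setting is read with `esxcli system settings advanced list -o /Net/DVFilterBindIpAddress` and that the output contains a `String Value:` line. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Net.DVFilterBindIpAddress from esxcli output.
# Assumes the "String Value:" line format of
#   esxcli system settings advanced list -o /Net/DVFilterBindIpAddress

# Constructed, abridged sample outputs (192.0.2.10 is a documentation address).
SAMPLE_BLANK='   Path: /Net/DVFilterBindIpAddress
   Type: string
   String Value:
   Default String Value:'
SAMPLE_SET='   Path: /Net/DVFilterBindIpAddress
   Type: string
   String Value: 192.0.2.10
   Default String Value:'

# Print the configured value. "Default String Value:" does not match because
# the pattern only allows whitespace before "String Value:".
dvfilter_value() {
    sed -n 's/^[[:space:]]*String Value:[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_dvfilter EXPECTED   (EXPECTED is "" when no DvFilter product is in use)
# Reads esxcli output on stdin. Returns 0 = matches, 1 = mismatch, 2 = unparsable.
check_dvfilter() {
    expected=$1
    output=$(cat)
    # Fail closed: a missing line must not be mistaken for a blank value.
    if ! printf '%s\n' "$output" | grep -q '^[[:space:]]*String Value:'; then
        echo "ERROR: no 'String Value:' line found"; return 2
    fi
    actual=$(printf '%s\n' "$output" | dvfilter_value)
    if [ "$actual" = "$expected" ]; then
        echo "OK: Net.DVFilterBindIpAddress is '${actual}' as expected"; return 0
    fi
    echo "FAIL: Net.DVFilterBindIpAddress is '${actual}', expected '${expected}'"
    return 1
}

# Demo on the constructed samples; on a host, pipe the esxcli command in instead.
printf '%s\n' "$SAMPLE_BLANK" | check_dvfilter ""           || true
printf '%s\n' "$SAMPLE_SET"   | check_dvfilter ""           || true
printf '%s\n' "$SAMPLE_SET"   | check_dvfilter "192.0.2.10" || true
```

Pass an empty string as the expected value for hosts that do not use DvFilter; a non-zero exit status marks a host that needs review.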