Do not configure your host to send network information to a virtual machine unless you are using products that use the vSphere Network Appliance API (DvFilter). If the vSphere Network Appliance API is enabled, an attacker might attempt to connect a virtual machine to the filter. This connection might provide access to the network of other virtual machines on the host.

If you are using a product that uses this API, verify that the host is configured correctly. See the sections on DvFilter in Developing and Deploying vSphere Solutions, vServices, and ESX Agents. If your host is set up to use the API, make sure that the value of the Net.DVFilterBindIpAddress parameter matches the product that uses the API.

Procedure

  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, click Advanced System Settings.
  4. Scroll down to Net.DVFilterBindIpAddress and verify that the parameter has an empty value.
    The order of parameters is not strictly alphabetical. Type DVFilter in the Filter text box to display all related parameters.
  5. Verify the setting.
    • If you are not using DvFilter settings, make sure that the value is blank.
    • If you are using DvFilter settings, make sure that the value of the parameter is correct. The value must match the value that the product that uses the DvFilter is using.