This can result in an 'Attack Signatures Detected' message in the vSphere Web Client, slowing down the virtual machine and creating a point of failure if the security policy is distributed across multiple virtual servers.

Unusually large or small packets can cause the bd process to terminate. This can happen with protocols that use padding, such as ICMP, and administrators are notified with an 'Attack Signatures Detected' message.

Possible workarounds:

Disable the undisclosed protocol.

Disable the protocol in the virtual server's security policy.

Confused Networking

The following error can appear in the vSphere Web Client:

"Unable to find the host. Please verify that you are connected to the correct host."

Solution - Automated Monitoring for Unusual Behavior

VMware vSphere Enterprise Plus supports automated monitoring that identifies unusual network behavior. VMware vCenter Server uses this information to notify administrators of the attack, which in turn leads to a faster recovery.

vShield

vShield is one of the most popular and widely used solutions for this type of traffic redirection. It can be configured to redirect hardware-accelerated L4 and L7 protocols that are sent between a virtual server and its guests. vShield monitors two types of traffic:

Network-initiated packets from the virtual server, which are delivered through the hypervisor's bd process on an ESXi host.
Packets generated by the guest operating system, sent through a VMkernel port to a bd process on an ESXi host.

Potential Mitigation

Disable the undisclosed protocol in the virtual server's security policy.

High CPU-High Memory Utilization

This can happen when the L2TP protocol is enabled on a virtual server.

Possible workarounds:

Disable the L2TP protocol.

Timeline

Published on: 10/19/2022 22:15:00 UTC
Last modified on: 10/24/2022 15:54:00 UTC

References