Hyper-V Program Manager
A recent post to the Hyper-V TechNet Forums asked what could be done to protect against ARP spoofing from an untrusted virtual machine.
If you are unfamiliar with ARP spoofing – you can read more about it at Wikipedia: http://en.wikipedia.org/wiki/ARP_spoofing – but the short summary is that it is a process where a computer pretends to have the IP address of another computer, and successfully gets network traffic that is destined for the target computer redirected to the untrusted computer.
Fortunately, we added functionality to protect against just such an attack in Windows Server 2008 R2 SP1.
Thomas Roettinger, one of our Premier Field Engineers, just posted a sample script that allows you to configure this functionality. Essentially, this script allows you to specify what IP addresses a virtual machine is allowed to use – and any attempt to use a different IP address will be ignored by the Hyper-V virtual switch.
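To make the per-port check concrete, here is a small model of it, added as an illustration; it is not Thomas Roettinger's script and not Hyper-V's code. The names `PortFilter`, `arp_sender_ip` and `build_arp_frame`, the `dropped` list and the 10.0.0.x addresses are assumptions, and the model looks only at the sender address in ARP frames.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806

def build_arp_frame(src_mac: bytes, sender_ip: str, target_ip: str, op: int = 2) -> bytes:
    """Build an Ethernet + ARP frame in memory (constructed sample input only)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)            # Ethernet / IPv4
    arp += src_mac + ipaddress.IPv4Address(sender_ip).packed     # sender MAC, sender IP
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed # target MAC, target IP
    return eth + arp

def arp_sender_ip(frame: bytes):
    """Return the sender IPv4 address claimed in an ARP frame, or None if malformed."""
    if len(frame) < 14 + 28:                                     # Ethernet + ARP body
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ipaddress.IPv4Address(frame[28:32])                   # sender protocol address

class PortFilter:
    """Model of one virtual switch port with a list of permitted IP addresses."""
    def __init__(self, allowed_ips):
        self.allowed = {ipaddress.IPv4Address(ip) for ip in allowed_ips}
        self.dropped = []   # this model's own bookkeeping, not a Hyper-V feature

    def permit(self, frame: bytes) -> bool:
        if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
            return True     # not ARP: outside the scope of this model
        sender = arp_sender_ip(frame)
        if sender in self.allowed:
            return True
        # The VM claimed an address it was not assigned (or sent a broken ARP frame).
        self.dropped.append(str(sender) if sender else "malformed")
        return False
```

The point the model shows is that the decision is made on the switch port, outside the guest, so a virtual machine cannot override it by changing its own network settings.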
Is it possible to get any alerts in SCOM when someone is trying to do an ARP spoof?