[PLUG] Are cheap switches with flawed VLANs safe enough?
Cy
plug at fedicy.us.to
Tue Jun 7 17:41:43 UTC 2022
On Mon, 6 Jun 2022 15:33:57 -0700
Eric House <eehouse at eehouse.org> wrote:
> suggesting that the VLAN implementations in consumer grade switches from
> both TP-Link and Netgear are insecure.
>
> Can anybody tell me how worried I should be about this? Should I:

I'm not an expert on this, to say the least, but as far as I can tell the only security
risk is if you have two VLANs. A switch that's supposed to transport
packets for two separate VLANs can in some cases transport packets from one VLAN to the
other, and if they're marked with a bogus return address, computers in the other VLAN may
think it came from one of the machines within their VLAN.

I can't imagine that is a problem unless those machines on the first VLAN have special
privileges, and a program is running that changes a computer's behavior based on
a single packet, only authenticated by its return address. And no information is going to
leak out, since with a bogus return address, whoever's on the second VLAN isn't going to
see a response.

So... unless you're dealing with one switch managing two VLANs, and unless you're
granting potentially malicious users access to one of your VLANs, but not the other, and
unless it's a security breach for one of the VLANs to send packets to the other, I'd go
with not worrying about it.
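
The reply above turns on a host trusting a packet that is "only authenticated by its return address". As an added example (not part of the original post), the Python below checks 802.1Q-tagged frames, as they might be seen on a monitoring port, against a table of known IP-to-MAC bindings per VLAN. The binding table, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed binding table (assumption): VLAN ID -> {IPv4 address: expected MAC}
BINDINGS = {
    10: {"192.168.10.5": "02:00:00:00:10:05"},
    20: {"192.168.20.7": "02:00:00:00:20:07"},
}

def parse_frame(frame):
    """Return (vlan_id, src_mac, src_ip) for an IPv4 frame, or None."""
    if len(frame) < 14:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == 0x8100 and len(frame) >= 18:  # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VLAN ID
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None  # not IPv4, or truncated
    src_ip = str(ipaddress.IPv4Address(frame[offset + 12:offset + 16]))
    return vlan, src_mac, src_ip

def check_frame(frame, bindings=BINDINGS):
    """Classify one frame against the per-VLAN IP-to-MAC bindings."""
    parsed = parse_frame(frame)
    if parsed is None:
        return "ignored"
    vlan, mac, ip = parsed
    for bound_vlan, table in bindings.items():
        if ip in table:
            if bound_vlan != vlan:
                return "wrong-vlan"  # address belongs to another VLAN
            return "ok" if table[ip] == mac else "mac-mismatch"
    return "unknown-source"

def build_frame(vlan, src_mac, src_ip):
    """Build a constructed 802.1Q-tagged IPv4 frame as sample input."""
    dst = bytes.fromhex("020000002001")
    src = bytes.fromhex(src_mac.replace(":", ""))
    tag = struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address("192.168.20.1").packed)
    return dst + src + tag + ip

if __name__ == "__main__":
    print(check_frame(build_frame(20, "02:00:00:00:10:05", "192.168.20.7")))
```

A frame whose source MAC is forged along with the source IP passes this check, so it narrows the exposure rather than replacing authentication in the receiving program.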