[GTALUG] Netgear 5-port Gigabit switch -- $10 ?

Alvin Starr alvin at netvel.net
Sun Mar 27 11:39:35 UTC 2016


On 03/27/2016 10:02 AM, James Knott wrote:
> On 03/27/2016 08:55 AM, Alvin Starr wrote:
>> Even with SSH the first thing coming back from the switch is a set of
>> well defined headers and prompts so I would be willing to bet that SSH
>> on a switch is fairly crackable.
> I thought ssh was secure.  IIRC, the key changes frequently, with the
> public/private key pair used only to set up the connection, with a
> random key used to carry the data.
I do not know for sure, but it was my understanding that if you know the
payload it is possible to back calculate the encryption keys and
invariably switches send a standard banner and a Username: Password:.
There may be better security with key based login and no password.
On the other hand I am sure the encryption is good enough to stop all
but nation states or folks like SPECTRE or KAOS.

>> A lot of the lower end switches use a http web interface which is no 
>> more secure than telnet.
> Many use https, instead of plain http.  Again, it's the same key
> situation as with ssh.
True but you also end up with standard pages on each login.
>> Sadly switch configuration has not changed much in the last 20+ years.
>> It would be interesting to see cheap Openflow switches but that
>> technology is still a few years away from permeating the SME market.
> I normally use the console port, when working with equipment.  However,
> with large networks, you have to rely on some remote connection.
>
> As I mentioned earlier, in order to attack a password, you have to see
> the data.  That doesn't happen much with switches, though it was quite
> easy prior to switches.  Also, remote management is generally done via
> vlan, which makes it a bit more difficult for a casual eavesdropper.
>
>

I have to do lots of switch management remotely.
I do log in to the local networks via VPN but you never know what is in
the middle on the internet or even the local network.


-- 
Alvin Starr                   ||   voice: (905)513-7688
Netvel Inc.                   ||   Cell:  (416)806-0133
alvin at netvel.net              ||



