Netgear 5-port Gigabit switch -- $10 ?
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10. Any comment on the item? -- William
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
Any comment on the item?
There doesn't appear to be a lot of stock.
On 03/25/2016 12:13 PM, James Knott wrote:
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
Any comment on the item? There doesn't appear to be a lot of stock.
It appears to be gone now.
| From: William Park <opengeometry@yahoo.ca> | Canada Computer is selling | - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 | Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable | - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear | for $10. This has a neat feature: it can do VLANs. But it must be configured from a Windows program. UNFORTUNATELY the protocol, while undisclosed, cannot be secured. This is a security disaster. I have a few of the 8-port version that I haven't used because of this problem.
On 03/25/2016 08:21 PM, D. Hugh Redelmeier wrote:
This has a neat feature: it can do VLANs. But it must be configured from a Windows program.
Another thing it has is port mirroring. This allows one port to monitor other ports, so you could plug in a computer running Wireshark to see what's going by. This sort of thing is known as a "data tap" or "network tap" and 3 port devices that do that cost a lot more than $10. Also, how far does that utility work? If it won't pass through routers, then you're at least protected from the outside. You just have to ensure others on the local lan don't get access to that utility.
On 03/25/2016 08:21 PM, D. Hugh Redelmeier wrote:
UNFORTUNATELY the protocol, while undisclosed, cannot be secured. This is a security disaster. I have a few of the 8-port version that I haven't used because of this problem.
According to the manual, you can put a password on the switch. Have you looked at the protocol with Wireshark to see if it uses plain text? Would you be interested in parting with one of those 8 port switches? As for security, I do a fair bit of work with Cisco gear and am a CCNA. Telnet is very often used to configure them, which is plain text.
On 03/25/2016 08:21 PM, D. Hugh Redelmeier wrote:
| From: William Park <opengeometry@yahoo.ca>
| Canada Computer is selling | - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 | Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable | - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear | for $10.
This has a neat feature: it can do VLANs. But it must be configured from a Windows program.
UNFORTUNATELY the protocol, while undisclosed, cannot be secured. This is a security disaster. I have a few of the 8-port version that I haven't used because of this problem. --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk I kind of like th1 GS108. Its an 8 port managed switch and has the upside of being able to run from POE connection so you don't need the wall wart. But its more like $80.
I am not sure how well it is secured but it at least seems to require a password and is web based. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
"As for security, I do a fair bit of work with Cisco gear and am a CCNA. Telnet is very often used to configure them, which is plain text." Oh god my eyes. On Sat, Mar 26, 2016, 9:05 PM Alvin Starr <alvin@netvel.net> wrote:
On 03/25/2016 08:21 PM, D. Hugh Redelmeier wrote:
| From: William Park <opengeometry@yahoo.ca>
| Canada Computer is selling | - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 | Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable | - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear | for $10.
This has a neat feature: it can do VLANs. But it must be configured from a Windows program.
UNFORTUNATELY the protocol, while undisclosed, cannot be secured. This is a security disaster. I have a few of the 8-port version that I haven't used because of this problem. --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk I kind of like th1 GS108. Its an 8 port managed switch and has the upside of being able to run from POE connection so you don't need the wall wart. But its more like $80.
I am not sure how well it is secured but it at least seems to require a password and is web based.
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
On 03/26/2016 09:58 PM, David Thornton wrote:
"As for security, I do a fair bit of work with Cisco gear and am a CCNA. Telnet is very often used to configure them, which is plain text."
Oh god my eyes.
I don't recommend telnet, but many people do use it. However, it's not as risky as it used to be. Back in the days of coax or hub based Ethernet, anyone could see all the traffic on the network. This made it easy to intercept IDs and passwords. With switches, in order to do that, you'd need one of those taps I mentioned earlier or management access to the switch. Of course, telnet still shouldn't be used over the Internet. Also, while some gear supports ssh, there is still a lot that's telnet only.
On 03/26/2016 11:32 PM, James Knott wrote:
On 03/26/2016 09:58 PM, David Thornton wrote:
"As for security, I do a fair bit of work with Cisco gear and am a CCNA. Telnet is very often used to configure them, which is plain text."
Oh god my eyes.
I don't recommend telnet, but many people do use it. However, it's not as risky as it used to be. Back in the days of coax or hub based Ethernet, anyone could see all the traffic on the network. This made it easy to intercept IDs and passwords. With switches, in order to do that, you'd need one of those taps I mentioned earlier or management access to the switch. Of course, telnet still shouldn't be used over the Internet. Also, while some gear supports ssh, there is still a lot that's telnet only.
Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable. A lot of the lower end switches use a http web interface which is no more secure than telnet. Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On 03/27/2016 08:55 AM, Alvin Starr wrote:
Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable.
I thought ssh was secure. IIRC, the key changes frequently, with the public/private key pair used only to set up the connection, with a random key used to carry the data.
A lot of the lower end switches use a http web interface which is no more secure than telnet. Many use https, instead of plain http. Again, it's the same key situation as with ssh. Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market. I normally use the console port, when working with equipment. However, with large networks, you have to rely on some remote connection.
As I mentioned earlier, in order to attack a password, you have to see the data. That doesn't happen much with switches, though it was quite easy prior to switches. Also, remote management is generally done via vlan, which makes it a bit more difficult for a casual eavesdropper.
Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable. I thought ssh was secure. IIRC, the key changes frequently, with the
On 03/27/2016 08:55 AM, Alvin Starr wrote: public/private key pair used only to set up the connection, with a random key used to carry the data. I do not know for sure but It was my understanding that if you know the
On 03/27/2016 10:02 AM, James Knott wrote: payload it is possible to back calculate the encryption keys and invariably switches sent a standard banner and a Username: Password:. There may be better security with key based login and no password. On the other hand I am sure the encryption is good enough to stop all but nation states or folks like SPECTRE or KAOS.
A lot of the lower end switches use a http web interface which is no more secure than telnet. Many use https, instead of plain http. Again, it's the same key situation as with ssh. True but you also end up with standard pages on each login. Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market. I normally use the console port, when working with equipment. However, with large networks, you have to rely on some remote connection.
As I mentioned earlier, in order to attack a password, you have to see the data. That doesn't happen much with switches, though it was quite easy prior to switches. Also, remote management is generally done via vlan, which makes it a bit more difficult for a casual eavesdropper.
I have to lots of switch management remotely. I do login to the local networks via VPN but you never know what is in the middle on the internet or even the local network. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On 03/27/2016 11:39 AM, Alvin Starr wrote:
Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable. I thought ssh was secure. IIRC, the key changes frequently, with the
On 03/27/2016 08:55 AM, Alvin Starr wrote: public/private key pair used only to set up the connection, with a random key used to carry the data. I do not know for sure but It was my understanding that if you know the
On 03/27/2016 10:02 AM, James Knott wrote: payload it is possible to back calculate the encryption keys and invariably switches sent a standard banner and a Username: Password:. There may be better security with key based login and no password. On the other hand I am sure the encryption is good enough to stop all but nation states or folks like SPECTRE or KAOS.
You may want to read up on how public/private encryption systems work. The public/private key pair is used only to exchange the actual key that's used for encrypting the data. This key is used only once and is essentially a random number. It's hard to find patterns with it. That key is then used with secret key encryption, such as AES, to carry the data. Again, with a a single use key, it's unlikely to be cracked.
A lot of the lower end switches use a http web interface which is no more secure than telnet. Many use https, instead of plain http. Again, it's the same key situation as with ssh. True but you also end up with standard pages on each login. Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market. I normally use the console port, when working with equipment. However, with large networks, you have to rely on some remote connection.
As I mentioned earlier, in order to attack a password, you have to see the data. That doesn't happen much with switches, though it was quite easy prior to switches. Also, remote management is generally done via vlan, which makes it a bit more difficult for a casual eavesdropper.
I have to lots of switch management remotely. I do login to the local networks via VPN but you never know what is in the middle on the internet or even the local network.
That's why I said ssh should be used. Telnet may be fine on the local network or via vpn, but never bare on the Internet. Protocols such as https, ssh and even some vpns use public/private key pairs. Even with a static AES key, you've got quite a battle to break it.
| From: Alvin Starr <alvin@netvel.net> | On 03/27/2016 10:02 AM, James Knott wrote: | I do not know for sure but It was my understanding that if you know the | payload it is possible to back calculate the encryption keys and | invariably switches sent a standard banner and a Username: Password:. | There may be better security with key based login and no password. | On the other hand I am sure the encryption is good enough to stop all | but nation states or folks like SPECTRE or KAOS. When you are trying to break a cryptosystem, you have a leg up if you know the plain text. That does not mean that you can break the system. So good crypto hygiene, often at the protocol level, reduces known plain text. For example, if your key is based only on a password, then trying all passwords might be feasible. Know plain text lets you easily check whether a particular guess is correct. SSH public/private keypairs are as long as you want. They are not passwords. Usually 2k or more bits of RSA these days. That's too large to brute force, probably until quantum computers work better. But one never knows. Do make sure your keys are long enough. So no, I don't think that the known plain text exposed by SSH is a problem. But I'm not a cryptographer. | | >> A lot of the lower end switches use a http web interface which is no | >> more secure than telnet. | > Many use https, instead of plain http. Again, it's the same key | > situation as with ssh. HTTPS, as it is used, is a bit more risky than ssh. First of all, lots of obsolete versions of TLS and SSL had security bugs at the protocol and implementation levels. And those versions are frozen into much firmware. Secondly, authentication, as used, is substandard. I'm talking about within-protocol authentication -- passwords are not part of TLS/SSL. Without authentication, a man-in-the-middle attack is trivial. The normal form of authentication for SSL/TLS is x.509 certificates. Unfortunately, the client end is almost never authenticated. In the case of switches, the normal procedure is for the switch (the server) to use self-signed certificates in a way that provides no actual authentication. | On 03/27/2016 10:02 AM, James Knott wrote: | > As I mentioned earlier, in order to attack a password, you have to see | > the data. That doesn't happen much with switches, though it was quite | > easy prior to switches. Also, remote management is generally done via | > vlan, which makes it a bit more difficult for a casual eavesdropper. A switch offers fewer easy points of interception but they are available anywhere along the path unless it is within your security perimeter. I can imagine that switches could get attacked via spoofed packets too. | I have to lots of switch management remotely. | I do login to the local networks via VPN but you never know what is in | the middle on the internet or even the local network. A good VPN, well-deployed, should be safe. Depending on your threat model. ================ I talk to my routers (gateways actually) through SSH. I can talk to them through IPSec too. But that's because they are PCs running ordinary Linux. My gateways' SSH servers don't allow password authentication. They are constantly hit by SSH attempts from miscreants, all password based.
So when you ssh into something it doesn't send silly stings like "username:" or "password:" . That stuff is handed "in protocol" . David On Sun, Mar 27, 2016, 2:17 PM D. Hugh Redelmeier <hugh@mimosa.com> wrote:
| From: Alvin Starr <alvin@netvel.net>
| On 03/27/2016 10:02 AM, James Knott wrote:
| I do not know for sure but It was my understanding that if you know the | payload it is possible to back calculate the encryption keys and | invariably switches sent a standard banner and a Username: Password:. | There may be better security with key based login and no password. | On the other hand I am sure the encryption is good enough to stop all | but nation states or folks like SPECTRE or KAOS.
When you are trying to break a cryptosystem, you have a leg up if you know the plain text. That does not mean that you can break the system. So good crypto hygiene, often at the protocol level, reduces known plain text.
For example, if your key is based only on a password, then trying all passwords might be feasible. Know plain text lets you easily check whether a particular guess is correct.
SSH public/private keypairs are as long as you want. They are not passwords. Usually 2k or more bits of RSA these days. That's too large to brute force, probably until quantum computers work better. But one never knows. Do make sure your keys are long enough.
So no, I don't think that the known plain text exposed by SSH is a problem. But I'm not a cryptographer.
| | >> A lot of the lower end switches use a http web interface which is no | >> more secure than telnet. | > Many use https, instead of plain http. Again, it's the same key | > situation as with ssh.
HTTPS, as it is used, is a bit more risky than ssh. First of all, lots of obsolete versions of TLS and SSL had security bugs at the protocol and implementation levels. And those versions are frozen into much firmware.
Secondly, authentication, as used, is substandard. I'm talking about within-protocol authentication -- passwords are not part of TLS/SSL. Without authentication, a man-in-the-middle attack is trivial. The normal form of authentication for SSL/TLS is x.509 certificates. Unfortunately, the client end is almost never authenticated. In the case of switches, the normal procedure is for the switch (the server) to use self-signed certificates in a way that provides no actual authentication.
| On 03/27/2016 10:02 AM, James Knott wrote:
| > As I mentioned earlier, in order to attack a password, you have to see | > the data. That doesn't happen much with switches, though it was quite | > easy prior to switches. Also, remote management is generally done via | > vlan, which makes it a bit more difficult for a casual eavesdropper.
A switch offers fewer easy points of interception but they are available anywhere along the path unless it is within your security perimeter. I can imagine that switches could get attacked via spoofed packets too.
| I have to lots of switch management remotely. | I do login to the local networks via VPN but you never know what is in | the middle on the internet or even the local network.
A good VPN, well-deployed, should be safe. Depending on your threat model.
================
I talk to my routers (gateways actually) through SSH. I can talk to them through IPSec too. But that's because they are PCs running ordinary Linux.
My gateways' SSH servers don't allow password authentication. They are constantly hit by SSH attempts from miscreants, all password based. --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
On 03/27/2016 05:46 PM, David Thornton wrote:
So when you ssh into something it doesn't send silly stings like "username:" or "password:" . That stuff is handed "in protocol" .
It's encrypted by a key that's only used once. This means that even if the text is full of known words, it's still extremely difficult to break. Also, with modern encryption, multiple instances of the same word have different encrypted strings. If the keys were continuously used, for a lot of data, then it might be possible to crack the code. However, with a single use key and modern encryption techniques, then it becomes extremely difficult. So, to recap, the public/private keys are used to protect a secret key that's only used for one session, if even that long and the encryption process prevents repeat encryption of a given plain text to encrypted text. This results in almost random encrypted data, which is extremely difficult to break.
On Sun, Mar 27, 2016 at 11:39:35AM -0400, Alvin Starr wrote:
I do not know for sure but It was my understanding that if you know the payload it is possible to back calculate the encryption keys and invariably switches sent a standard banner and a Username: Password:. There may be better security with key based login and no password. On the other hand I am sure the encryption is good enough to stop all but nation states or folks like SPECTRE or KAOS.
It is not that simple. DH key exchange works and has been used for a long time now because it works.
True but you also end up with standard pages on each login.
Good crypto protocols are very much designed to not be trivial to break even with some known plain text. It is a known obvious attack so they are designed to protect against exactly that. -- Len Sorensen
On 03/27/2016 10:15 PM, Lennart Sorensen wrote:
Good crypto protocols are very much designed to not be trivial to break even with some known plain text. It is a known obvious attack so they are designed to protect against exactly that.
Yep, they've been doing that for centuries. With a polyalphabetic cipher, each time a letter occurs in the plain text, a different letter is used in the cipher text. This makes it impossible to use the statistical methods used with monoalphabetic ciphers, where a plain text letter always has the same cipher text letter. https://en.wikipedia.org/wiki/Polyalphabetic_cipher
https://www.kickstarter.com/projects/northboundnetworks/zodiac-fx-the-worlds... boom! On Sun, Mar 27, 2016, 10:27 PM James Knott <james.knott@rogers.com> wrote:
On 03/27/2016 10:15 PM, Lennart Sorensen wrote:
Good crypto protocols are very much designed to not be trivial to break even with some known plain text. It is a known obvious attack so they are designed to protect against exactly that.
Yep, they've been doing that for centuries. With a polyalphabetic cipher, each time a letter occurs in the plain text, a different letter is used in the cipher text. This makes it impossible to use the statistical methods used with monoalphabetic ciphers, where a plain text letter always has the same cipher text letter.
https://en.wikipedia.org/wiki/Polyalphabetic_cipher --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
On 03/27/2016 10:29 PM, David Thornton wrote:
https://www.kickstarter.com/projects/northboundnetworks/zodiac-fx-the-worlds... boom!
Excellent. It would be nice to see whitebox products move from the high end down to something individuals can afford. -- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
| From: Lennart Sorensen <lsorense@csclub.uwaterloo.ca> | It is not that simple. DH key exchange works and has been used for a | long time now because it works. Yes, but it doesn't prevent man-in-the-middle attacks. For that you need authentication. SSH does a few things for authentication. SSH hosts have keys. An SSH client warns the user if a hosts key has changed since the last time they talked. This puts little burden on the user and yet gives some security. But it won't detect a man-in-the-middle that was there from first contact. Users can authenticate with a client via passwords or via a public key. Both require out-of-band installation of credentials. I think that the password will travel over the wire when authenticating, but encrypted. But a spoofing server could collect passwords. With a public key system (like RSA), only a signature goes over the wire. So a spoofing server could not collect the key. Things get a little more intricate when you use ssh-agent for forwarding authenticaton.
On 03/27/2016 10:31 PM, D. Hugh Redelmeier wrote:
SSH does a few things for authentication.
SSH hosts have keys. An SSH client warns the user if a hosts key has changed since the last time they talked. This puts little burden on the user and yet gives some security. But it won't detect a man-in-the-middle that was there from first contact.
Users can authenticate with a client via passwords or via a public key. Both require out-of-band installation of credentials.
I think that the password will travel over the wire when authenticating, but encrypted. But a spoofing server could collect passwords.
With a public key system (like RSA), only a signature goes over the wire. So a spoofing server could not collect the key. Things get a little more intricate when you use ssh-agent for forwarding authenticaton.
I thought ssh used a public/private key system, at least when used passwordless. I have to generate a public/private key pair and place the public key on the servers I connect to and keep the private key on my computer. Also, Cisco gear supports ssh with RSA keys.
| From: James Knott <james.knott@rogers.com> | On 03/27/2016 10:31 PM, D. Hugh Redelmeier wrote: | > SSH does a few things for authentication. | > Users can authenticate with a client via passwords or via a public | > key. | I thought ssh used a public/private key system, at least when used | passwordless. I have to generate a public/private key pair and place | the public key on the servers I connect to and keep the private key on | my computer. Also, Cisco gear supports ssh with RSA keys. SSH support more than one public key cryptosystem. But it also supports plain old UNIX passwords. And some other systems that I've never used. As I mentioned elsewhere, it is usually a good idea to disable password authentication on internet-facing ssh servers. That's a setting in /etc/ssh/sshd_config.
On 27/03/16 10:56 PM, James Knott wrote:
I thought ssh used a public/private key system, at least when used passwordless. I have to generate a public/private key pair and place the public key on the servers I connect to and keep the private key on my computer. Also, Cisco gear supports ssh with RSA keys. --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
SSH uses public/private keys for a few things: 1. Host ID: As has been said already, if you are presented (via SSH) a signature made from a private host key whose public key you have and trust, you have a cryptographically secure ID of the peer. 2. Session key exchange - host keys of server and client (peers), using the also-mentioned Diffie Hellman algorithm and friends, are used to (independently) create (the same) shared secret. The secret never goes out over the wire in any form. 3. Optionally, authenticate the client with a (different) public/private key. The server has the user's public key, *only* the client has his corresponding private key. Alternatively, punt up to the OS to do a password challenge. 4. Session encryption - using the shared secret created in 2. and using one of the AES family of block ciphers or similar. The ciphers used here have changed a lot over time. DES56 was good as long as a modest network of Playstations couldn't brute-force it. AES (Rijndael) is a better scrambler and is used with more bits (128 to 256). RSA, for example, is not used to encrypt the whole session because it is computationally much more expensive, and would ultimately, over a large communication, provide a good lot of raw data with which to brute-force the key. And yes, SSH can create a new session key periodically for the same reason. Every 2^28 packets is recommended. Many of the plaintext "leakages" that have come up in the vulnerability publications in the past decade or so have not been as a result of weakness in RSA or AES, but in the implementation of the protocol in which they are used. For example, if an attacker were able to inject known errors in the length field an AES-CBC transmission and analyse the timing of the error return, he might get 32 bits or so of plaintext in ~2^18 tries. Each one of which terminated the SSH session. A weakness, yes, but not a very useful one. Back to the idea that knowledge of specific payload contents might help in decryption / plaintext recovery: These modern scrambling algorithms (ciphers) don't provide that kind of opportunity. The theory is that they are not reversible without the 128, 192, of 256-bit key itself. So a brute force attack on the encrypted data would still be necessary. All that you gain from some (or even general) knowledge about the original payload is that you know when you have hit on the key. *Anything* other than complete noise is almost certainly the original plaintext. But by then all the stars have gone out anyway. Unless the Playstation of the future is like Deep Thought. Or you got lucky (2^-256 ?) Cheers, Mike
On Sun, Mar 27, 2016 at 08:55:57AM -0400, Alvin Starr wrote:
Even with SSH the first thing coming back from the switch is a set of well defined headers and prompts so I would be willing to bet that SSH on a switch is fairly crackable.
You would probably loose that bet. Unless of course someone has made a bad random number generator and the keys are predictable
A lot of the lower end switches use a http web interface which is no more secure than telnet.
Sadly switch configuration has not changed much in the last 20+ years. It would be interesting to see cheap Openflow switches but that technology is still a few years away from permeating the SME market.
Yeah I am not sure when that is likely to happen. -- Len Sorensen
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
Any comment on the item?
You might want to consider this TP-Link managed switch. It has port mirroring, so it can be used to monitor Ethernet traffic. I just bought one today. http://www.canadacomputers.com/product_info.php?cPath=27_1045_355&item_id=084911
On 08/11/2016 01:26 PM, James Knott wrote:
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
Any comment on the item? You might want to consider this TP-Link managed switch. It has port mirroring, so it can be used to monitor Ethernet traffic. I just bought one today.
http://www.canadacomputers.com/product_info.php?cPath=27_1045_355&item_id=084911
Some have decided against this sort of device, because it uses a Windows based configuration utility. Well, I just checked and it works in Wine. I got mine for $35 last month, but $45 is still a good price for a switch that can be used as an Ethernet tap. No Windows required.
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
You should have grabbed it when you could for that price and worried about it later. The current price on the item is $30. -- Cheers! Kevin. http://www.ve3syb.ca/ |"Nerds make the shiny things that distract Owner of Elecraft K2 #2172 | the mouth-breathers, and that's why we're | powerful!" #include <disclaimer/favourite> | --Chris Hardwick
Apparently a newer version of the Netgear switch is now available for $35. According to the docs, it supports a web interface, so all you need is a browser. http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear On 09/05/2016 12:53 PM, James Knott via talk wrote:
On 03/25/2016 11:36 AM, William Park wrote:
Canada Computer is selling - Netgear GS105E ProSafe Plus Switch, 5-Port Gigabit Ethernet - 5 Ports - 5 x RJ-45 - 10/100/1000Base-T - Wall Mountable - http://www.canadacomputers.com/product_info.php?cPath=355&item_id=077172&utm_source=newsletter&utm_medium=email&utm_campaign=160324&utm_content=netgear for $10.
Any comment on the item? You might want to consider this TP-Link managed switch. It has port mirroring, so it can be used to monitor Ethernet traffic. I just bought one today.
http://www.canadacomputers.com/product_info.php?cPath=27_1045_355&item_id=084911 Some have decided against this sort of device, because it uses a Windows
On 08/11/2016 01:26 PM, James Knott wrote: based configuration utility. Well, I just checked and it works in Wine. I got mine for $35 last month, but $45 is still a good price for a switch that can be used as an Ethernet tap. No Windows required.
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
participants (8)
-
Alvin Starr -
D. Hugh Redelmeier -
David Thornton -
El Fontanero -
James Knott -
Kevin Cozens -
Lennart Sorensen -
William Park