On Fri, 2015-09-11 at 20:01 -0400, Bob Call wrote:
> > What is that "managed switch" ? Could it be a hardware level
> > backdoor?
> 
> Most routers these days (most anything with a gigabit switch) have a
> managed switch. This is usually a separate controller (sometimes not)
> from the SoC. In the case of the TL-WDR4300 and TL-WR1043ND, they have
> a separate controller for the switch. Generally, these controllers
> have their own flash, a blob in the main flash ROM or a built-in ROM.
> At this point, it is still not fully clear (to me) which category this
> switch falls into. If the controller has a true ROM (can't be flashed),
> then it might be OK. If we find a blob in the main flash ROM or in
> u-boot, it could be game over.
> 
> In terms of having a backdoor, I personally try to avoid managed
> switches, but that is kind of hard to avoid these days. There are still
> lots of other potential issues with any piece of hardware you buy, so
> the risk is about the same.
> 
> If anyone on the mailing list has additional information to add, that
> would be great.

The only thing I could add is that my knowledge of managed switches is
that they allow more control over the switch (by the admin) than
regular, "dumb" switches. Managed switches usually get an IP address
and have an interface (generally web) for configuration, similar to
normal home routers or the LuCI interface.

It could technically be possible to have a backdoor, due to this extra
functionality. I would probably stay away from Huawei equipment for
this reason. Most importantly, unless absolutely needed, I would
configure your gateway firewall to block all inbound and outbound
packets directly from the switch's IP address to help negate backdoor
functionality. Also, as per usual, change the default admin password to
something strong.

- Stephan
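The gateway firewall rules Stephan suggests, written out as an added example (not code from the thread or from libreCMC itself) in the UCI firewall syntax that libreCMC/OpenWrt use. It assumes the switch's management IP is a constructed placeholder, 192.168.1.2, that it sits in the "lan" zone, and that the upstream zone is called "wan"; a rule with only `src` hits traffic to the router itself, a rule with `src` and `dest` hits forwarded traffic.

```shell
#!/bin/sh
# Added example: emit libreCMC/OpenWrt UCI firewall stanzas that drop traffic
# to and from a managed switch's management IP. Zone names "lan"/"wan" and the
# switch IP are assumptions for this example, not values from the thread.

# Sanity check: four dotted-decimal octets, each 0-255.
valid_ipv4() {
    ip="$1"
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    for o in "$1" "$2" "$3" "$4"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print three "config rule" sections for /etc/config/firewall.  $1 = switch IP.
switch_block_rules() {
    sw="$1"
    valid_ipv4 "$sw" || return 1
    cat <<EOF
# Drop anything the switch sends to the router itself (management/backdoor traffic)
config rule
    option name 'switch_to_router'
    option src 'lan'
    option src_ip '$sw'
    option target 'DROP'

# Drop anything the switch tries to send upstream
config rule
    option name 'switch_to_wan'
    option src 'lan'
    option src_ip '$sw'
    option dest 'wan'
    option target 'DROP'

# Drop anything arriving from upstream addressed to the switch
config rule
    option name 'wan_to_switch'
    option src 'wan'
    option dest 'lan'
    option dest_ip '$sw'
    option target 'DROP'
EOF
}
```

Append the output to /etc/config/firewall and run `/etc/init.d/firewall reload`; note that LAN hosts on the same segment reach the switch at layer 2 without crossing the router, so these rules only govern what the switch can exchange with the router and the outside.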
_______________________________________________
Librecmc-dev mailing list
Librecmc-dev@lists.librecmc.org
https://librecmc.org/mailman/listinfo/librecmc-dev