On Mon, 6 Jun 2022 15:33:57 -0700 Eric House <[email protected]> wrote:
> suggesting that the VLAN implementations in consumer grade switches from
> both TP-Link and Netgear are insecure.
>
> Can anybody tell me how worried I should be about this? Should I:

I'm not an expert on this to say the least, but as far as I can tell the only security risk is if you have two VLANs. A switch that's supposed to transport packets for two separate VLANs can in some cases transport packets from one VLAN to the other, and if they're marked with a bogus return address, computers in the other VLAN may think it came from one of the machines within their VLAN.

I can't imagine that is a problem unless those machines on the first VLAN have special privileges, and a program is running that changes a computer's behavior based on a single packet, only authenticated by its return address. And no information is going to leak out, since with a bogus return address, whoever's on the second VLAN isn't going to see a response.

So... unless you're dealing with one switch managing two VLANs, and unless you're granting potentially malicious users access to one of your VLANs, but not the other, and unless it's a security breach for one of the VLANs to send packets to the other, I'd go with not worrying about it.
