At my college, we have an airgapped network for security classes, and when assignments are due, we often run out of ethernet cables. I had just mentioned I would bring a switch with me the next day and people were confused why I'd be goofing off with a Switch so close to the deadline.
> when assignments are due, we often run out of ethernet cables. I had just mentioned I would bring a switch with me the next day
As I understand it, a switch will solve a shortage of ethernet ports, but will make the cable problem worse by requiring one extra cable. What's the purpose of the switch here?
I think they mean out of ethernet-cables-that-are-usable-to-get-network-access. So there's loose cables aplenty, but a shortage of cables that work in the sense of the far end being plugged in, due to a shortage of ports.
From the perspective of a student walking into the room with their laptop, that's a shortage of cable-ends that they can plug into their laptop to gain network access.
Why should it be, or even be detectable if OP attaches a switch? Afaik, those don't even have different MACs and even if they do, it is unlikely that the university has all the students laptops MACs.
They might have people in a couple of different rooms, and plenty of short Ethernet cables but not enough long ones. So a switch allows them to run one cable between rooms and use a bunch of shorter cables within the room.
I'd presume anyone bringing a network switch with them to class would also have some Cat5e kicking around. Otherwise, what good is the switch doing them?
One MAC per port is very low yield, won’t do anything to stop even a mildly sophisticated attacker, and often just makes life more difficult than it needs to be. Especially for a college network where any notion that the general network is “secure” is a complete joke.
It's not meant to be a comprehensive security plan, but rather a very easy thing to have configured on each port, to stop people from plugging $20 8 port dumb switches into managed infrastructure.
if you use a cheap router instead of a switch the far end will only see one MAC address which is the one of the router. doing NAT then is as easy as it could be. You could literally use just about any router out of the box without even configuring anything. you can also add an ethernet switch behind this device easily. only limiting a port to a single MAC is therefore somewhat pointless. you would prohibit valid use cases (adding a switch) without hindering any nefarious user (guy with a cheap router). Also, NAT for MAC addresses is a thing although not necessarily the most useful approach in this case...
Wait till he finds out that people frequently use multiple VMs with their own MAC addresses on a given physical box. Especially in the kind of lab where people are working on security projects.
Edit: or that security includes availability in addition to confidentiality and integrity
Eh, at work I either have to assign them pre-approved MAC addresses or get approval for VM MACs, or just use pretend my PC is a router and all VMs get a 100...* IP (10...* is used for the network already).
Why rfc6598 space instead of one of the other 1918 ranges? I would expect pretending to be a cgn on an internal network to blow up in spectacular fashion.
I think he means doing NAT on his PC itself (such as is the default network configuration on virtualbox), where it doesn't ordinarily matter what private IP range the VMs are located in. VMs get DHCP leases and a default gateway from the host. The host presents only one IP address and MAC to what it's physically plugged into.
I know what NAT is, and even if I didn't it was obvious from the post, my question was about the range chosen for the clients. Given that the RFC covering 100.64../10 is specifically for carrier-grade NAT (that's what cgn in my post refers to) I was surprised at the choice to use it instead of one of the other private IP ranges specified in rfc1918, such as 192.168../16.
One place where cgn addressing can trip people up is with DNS; lots of DNS servers (especially the flimsy ones used in lab-in-a-box setups) end up filtering host records for those ranges which can screw up SSH by making the reverse lookup fail, for instance.
Edit: from the text of the RFC -
"""Because CGN service requires non-overlapping address space on each
side of the home NAT and CGN, entities using Shared Address Space for
purposes other than for CGN service, as described in this document,
are likely to experience problems implementing or connecting to CGN
service at such time as they exhaust their supply of public IPv4
addresses."""
I'm surprised to not see anyone talking about how Switch homebrew works and which devices are compatible. There's both hardware and software patches to worry about.
I'm [vaguely] interested in unconventional Android devices.
People often talk about "plenty of android devices with X" where x is e.g. a keyboard. But a search of Google, Ali Express, etc don't yield much except for conventional phones.
Is there a list or other source where I can discover these mythical interesting devices?
There are a ton of non-smartphone Android devices out there, but a lot of manufacturers are a bit cagy about the fact that they use Android. A couple of fun ones:
This is probably not quite what you're talking about, but:
I'm convinced there's a bunch of interesting single-purpose Android devices that simply aren't available to the general public. The manufacturers are large companies that you've probably heard of that don't do business on places like AliExpress. Unfortunately, the devices in question are "enterprise" products, and sold accordingly.
For example, the self-service kiosks at Taco Bell seem to be Android-based, though I can't confirm this. Good luck finding a supplier who will sell you those in lots of less than a thousand.
Swinging around to your original question, I occasionally hear about MIPS-based Android tablets made for Indian or Chinese markets. I'm sure they're on AliExpress, but I doubt they're clearly labeled as MIPS.
Norwegian Air's in-flight entertainment systems (screen on the back of the seat in front of you) are modified/custom Android tablets. When you open the flight tracker you can see the regular Android buttons at the bottom and pull down to see the notification area (which has been modified to contain no content). Didn't find a way out of their sandbox, maybe next time I'll bring a male-male usb cable and see if I can get in with adb..
Could those people be referring to Chromebooks and other ChromeOS netbooks? They apparently run any android app, although they aren't really running android as the OS.
Cute project! Sometimes it's nice to see a simple hack that elucidates perfectly just how amazing it is to actually be able to run our own software on a variety of devices. With Linux support, these devices will be useful for decades to do random things.
i am a bit disappointed that what has been done is basically installing linux and setting up a bridge using usb ethernet dongles. not what i was expecting. its still somewhat amusing though.
yeah, tbh, I wanted to do it with the it still functioning as a game console. However I realized that it would be way too difficult for me and would never get done :/
There is a hardware vulnerability in the first ~18 months of Switch systems produced. It’s a USB boot mode (like DFU mode in iPhones) from the underlying Tegra chipset and is triggered by pressing the Tegra “Home” button (not the Switch Home button!), one of the Volume buttons, and Power while injecting the software you want to boot over USB. That button is exposed as one of the pins (#9, iirc?) of the right-side Joycon rail, so all you have to do is short that to ground with anything you like. 3D printed jigs are cheap and common.
Your system will get banned from Nintendo online services if you run any Switch-mode homebrew—for good reason since piracy and online hacking have unfortunately become rampant—so the most I’ve done with mine is run the standalone Hekate to dump my system’s unique keys and internal storage a few times. I’m still enjoying the system for its intended use too much to want to go offline forever, so I’m just holding on to an exploitable system for a few years until the Next Big Thing comes along.
As for obtaining an exploitable system, all you need is one manufactured before July 2018. I keep the following in the Notes app on my phone for when I see a used system for sale in the wild:
> Your system will get banned from Nintendo online services if you run any Switch-mode homebrew
What you can do is set up a separate Homebrew-enabled partition on your SD card without any wifi networks to connect to, and keep your normal, untouched partition for normal use.
For similar reasons, installing Android/Linux is safe.
Its quite a large number of them but not any of the ones you can get from a store anymore. There are loads of them floating around ebay second hand. Just look up the serial number checker and you should have no issues snagging one.
Hej Yetanfao, can I randomly ask you if you're aware of any tech positions you could refer? I'm seriously considering moving to Sweden (and it's not just the 1Gbit fiber).
US is weirdly bipolar when it comes to internet. In some areas, you can barely get a DSL connection from a single ISP, and it will be some astronomical price of like $70+/mo (if you are lucky). If you don't like it, suck it up, because you have no other providers servicing your area. In others, you have like 4-5 ISPs, all offering fiber and at reasonable prices.
It definitely feels like it is getting better, though. Moved to Seattle and am happily paying ~$40/mo for symmetrical non-capped 1Gb fiber (both up and down). Even my family still living in suburban GA (way outside of the perimeter, not some within-the-city suburb) got fiber recently, and at a fairly ok price for the area (tho definitely way more expensive than $40/mo, and they only have a choice between Comcast and AT&T, unfortunately).
The author's main motivation is probably the cool name "Nintendo Switch Switch" but a bridge is not a switch, so it should be called a "Nintendo Switch Bridge".
Being a little pedandic here aren't we? For all intents and purposes a bridge is basically a switch with two ports. At the end of the day this is running on a Linux kernel so it can basically be any networking device you want it to be, even a router.
No, even a two-port bridge is smarter than physical extension/repeater. I.e. the bridge will not forward ethernet frames to the other port if the destination if assumed to be in the originating network segment.
Now we can avoid that kind of confusion! :)