Kitz Forum
Computers & Hardware => Networking => Topic started by: Alex Atkin UK on February 17, 2022, 10:08:59 PM
-
So I finally managed to get a MS510TXUP to replace my MS510TXPP as the core of my network and noticed something suspect.
Firstly, they've halved the RAM in the higher, more expensive model. But more suspect, they've changed the UI reporting into Kilobytes which to me the only reason would be so that at a glance you do not notice its halved.
Why would they reduce the RAM on a unit that has to push more packets and has more functionality?
Do you agree changing how its reported is kinda suspect?
-
No, I might well have done that in the UI that way if the units are not whole MB and as there’s a free RAM value given, I would expect they are not. So I think kB is a reasonable choice for greater free RAM accuracy.
-
No, I might well have done that in the UI that way if the units are not whole MB and as there’s a free RAM value given, I would expect they are not. So I think kB is a reasonable choice for greater free RAM accuracy.
I shall disagree.
It's about the target audience. And it's also about how our brain processes information.
Why would anyone want to know whether an extra byte in the memory is important if it really makes no difference. I think it's just pedantic.
So, I agree with the OP that a more effective way would be to display the RAM in MB, especially on the main screen, whereas a more detailed number should be available from logs or something similar. Whether that was done to trick your brain not to think that there's less RAM would be a matter for Netgear to answer.
Generally speaking, I don't buy anything in terms of computing equipment until I've fully checked the specs. I would recommend doing something similar to avoid disappointment afterwards.
-
. . . I don't buy anything in terms of computing equipment until I've fully checked the specs.
I would agree with you on that point. However it is often difficult to find all of the precise details prior to purchase.
-
Please upgrade the firmware: https://buaq.net/go-72382.html
Details
Important: Full report will be published on or after May 17th (this post will be updated).
Important: The overall code quality of the firmware is rather bad. Check if your device supports OpenWRT – it's way better than NETGEAR's firmware on these devices.
Due to the Feral Terror vulnerability a LAN-based attacker can run any Linux shell commands without any authorization as root.
This means that an attacker that already got a foothold in LAN (or is an insider) can use Feral Terror either for persistence (i.e. even if they go off the local network, they will still maintain access to the LAN via the hacked switch), or to reconfigure the switch (e.g. relax VLAN configuration, or setup port mirroring).
:lol:
-
Oh I wish OpenWRT supported these models, maybe in time as OpenWRT on switches is really new.
I had to do a whole song and dance changing my SNMP monitoring as this unit behaves different to the MS510TXPP.
IF-MIB::ifSpeed reports in bits, which is kinda pointless given its a 32 bit figure so can't represent the faster speeds. I had to change to IF-MIB::ifHighSpeed which rounds to Megabits, which is what the old model did for ifSpeed. Surely there is an SNMP standard that decides what format you are supposed to report?
IF-MIB::ifHCInOctets and IF-MIB::ifHCOutOctets doesn't report at all over SNMPv1 but did on the older model. I wasn't intentionally using SNMPv1 (lazy copy/paste of PHP code) and switching to SNMPv2c solved that.
I don't get the push to disable the default community strings, surely thats just security by obscurity so kinda worthless?
Also on the SNMP page there is a Community Configuration where you set the Management Station IP addresses. This doesn't seem to work as even though I only have my NAS IP in there, it responds to other clients on the LAN. At first I thought maybe this is only for SNMP Traps, but this is where you set the community string so surely not? I should probably check ReadOnly is beind obeyed.
Updating the firmware was next on my list though.
At least SNMP responds fairly quickly, unlike my ZyXEL Access Point where its pointless monitoring traffic as it takes several seconds to probe each value. Also not been able to find an MIB on that which reports link rate which is utterly stupid as that's the main piece of information you want to know.
-
Please upgrade the firmware: https://buaq.net/go-72382.html
Details
Important: Full report will be published on or after May 17th (this post will be updated).
Important: The overall code quality of the firmware is rather bad. Check if your device supports OpenWRT – it's way better than NETGEAR's firmware on these devices.
Due to the Feral Terror vulnerability a LAN-based attacker can run any Linux shell commands without any authorization as root.
This means that an attacker that already got a foothold in LAN (or is an insider) can use Feral Terror either for persistence (i.e. even if they go off the local network, they will still maintain access to the LAN via the hacked switch), or to reconfigure the switch (e.g. relax VLAN configuration, or setup port mirroring).
:lol:
Not a remote exploit ;)
Although agree on the OpenWRT suggestion anyway.
-
Not a remote exploit ;)
Although agree on the OpenWRT suggestion anyway.
But it can become one.
I follow this topic weekly on the OpenWRT forum: https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875
The progress they have made is incredible all 66 network switches are listed here:https://svanheule.net/switches/models
This Netgear is listed.
-
But it can become one.
I follow this topic weekly on the OpenWRT forum: https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875
The progress they have made is incredible all 66 network switches are listed here:https://svanheule.net/switches/models
This Netgear is listed.
That's great and all, but it has a long way to go and will invalidate the lifetime warranty.
I'd love to see the GS110EMX supported though as it lacks SNMP.