What vulnerabilities would you imagine there to be in an unmanaged (aka: dumb) switch? Someone can force the switch to flood all traffic to all ports?
Bearing in mind that switches generally have special-purpose hardware that's responsible for handling switching, I find it unlikely that cheapass dumbswitches have enough CPU to copy LAN data and send it out to a remote system at any useful speed.
Also, next time you're looking for a switch (or if you're still within the return period for your used switch), consider Mikrotik switches. I've had four CRS326-24G-2S+ units for three, maybe five years now and I'm quite happy with them. However, I know nothing about their routers or WiFi APs.
They aren't usually accessible until the network is compromised.
TP-Link cheap consumer configurable switches used to have, IIRC, a VLAN permanently available on all physical ports, giving access to everything going through a switch. After many complaints, they "upgraded" the firmware to support disabling the VLAN from the GUI, though it remained default enabled, and included a note with something like "we only had it that way because customers demanded it".
By "a VLAN permanently available" do you mean something like "all frames traversing the switch got a VLAN tag (whose ID was hard-coded) slapped onto them"?
If not, I'm not sure what you mean, as a cheapass dumbswitch always allows access to everything going through a switch. It's been my experience that any dumbswitch that can handle jumbo frames will fail to act on VLAN-tagged frames and just pass them through unmolested. (Ones that cannot handle jumbo frames might drop "large" VLAN-tagged frames on the floor.)
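To make the "tagged frames pass through" versus "large tagged frames get dropped" point above concrete, here is a small 802.1Q frame parser and builder. It is an added example, not code from any commenter or from a vendor; it models Ethernet II frames without the FCS, and the size limits (1514 bytes untagged, 1518 tagged, 9014 "jumbo") are assumptions chosen for the illustration. It shows that a tag adds exactly four bytes, so a maximum-size tagged frame exceeds the classic untagged limit, which is why a switch that enforces the old maximum but ignores the tag can drop it while a jumbo-capable one forwards it untouched.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q Tag Protocol Identifier
ETHERTYPE_IPV4 = 0x0800
ETH_HEADER_LEN = 14       # dst(6) + src(6) + ethertype(2); FCS not modelled
VLAN_TAG_LEN = 4          # TPID(2) + TCI(2)
MAX_PAYLOAD = 1500

# Assumed limits (FCS excluded) for the two kinds of switch discussed above.
CLASSIC_MAX_FRAME = ETH_HEADER_LEN + MAX_PAYLOAD          # 1514
JUMBO_MAX_FRAME = ETH_HEADER_LEN + 9000                   # 9014, assumed


@dataclass
class Frame:
    dst: str
    src: str
    tagged: bool
    vlan_id: Optional[int]   # None when no 802.1Q tag is present
    priority: int            # PCP bits, 0 when untagged
    ethertype: int           # EtherType of the payload that follows the tag
    payload: bytes


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, unwrapping one 802.1Q tag if present."""
    if len(raw) < ETH_HEADER_LEN:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:ETH_HEADER_LEN])
    offset = ETH_HEADER_LEN
    tagged, vlan_id, priority = False, None, 0
    if ethertype == ETHERTYPE_VLAN:
        if len(raw) < ETH_HEADER_LEN + VLAN_TAG_LEN:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[offset:offset + VLAN_TAG_LEN])
        priority = tci >> 13        # 3-bit PCP
        vlan_id = tci & 0x0FFF      # 12-bit VID (DEI bit 12 ignored here)
        tagged = True
        offset += VLAN_TAG_LEN
    return Frame(mac_str(dst), mac_str(src), tagged, vlan_id, priority,
                 ethertype, raw[offset:])


def build_frame(dst: str, src: str, payload: bytes, vlan_id: Optional[int] = None,
                priority: int = 0, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Build a frame; a VID inserts the 4-byte tag between src MAC and EtherType."""
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vlan_id is not None:
        tci = (priority << 13) | (vlan_id & 0x0FFF)
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, tci, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


def accepted_by(raw: bytes, max_frame: int) -> bool:
    """Would a switch enforcing max_frame (FCS excluded) forward this frame?"""
    return len(raw) <= max_frame


if __name__ == "__main__":
    # Constructed sample: a full-size IPv4 payload, once untagged and once on VLAN 100.
    body = b"\x45" + b"\x00" * (MAX_PAYLOAD - 1)
    untagged = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", body)
    tagged = build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", body, vlan_id=100, priority=5)
    for name, raw in (("untagged", untagged), ("tagged", tagged)):
        f = parse_frame(raw)
        print(f"{name}: {len(raw)} bytes, vid={f.vlan_id}, pcp={f.priority}, "
              f"classic ok={accepted_by(raw, CLASSIC_MAX_FRAME)}, "
              f"jumbo ok={accepted_by(raw, JUMBO_MAX_FRAME)}")
```

The parser leaves the payload untouched whether or not a tag is present, mirroring the "pass them through unmolested" behaviour; the only thing a tag-unaware size check sees is the extra four bytes.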
I don't like the terms "dumb" or "smart" when discussing switches, because it isn't very useful.
The term "configurable" is more useful, because it means that the switch can be configured (vs. non-configurable switches that may also be "smart", i.e., a "dumb" switch is really just a hub).
IIRC, the TP-Link models with this "feature" hard-coded into the GUI would enable a VLAN on all physical ports with VLAN enabled.
Oh, and it was fixed with a firmware update, so it's not like there was some hardware limitation.
> TP-Link models with this "feature" hard-coded into the GUI would enable a VLAN on all physical ports with VLAN enabled.
That's a slightly strange feature. I guess it was to cope with downstream switches (or administrators(!)) that refused to assign an administrator-assigned VLAN tag to untagged traffic?
> I don't like the terms "dumb" or "smart" when discussing switches, because it isn't very useful.
In the lore that I'm familiar with, there are three general categories, "dumb", "smart", and "managed". The boundaries between the latter two categories are fuzzy... with "smart" switches tending to offer you very little configurability, and "managed" switches offering you nearly everything you'd expect from an Enterprise switch.
It's true that the difference between "dumb" and "not dumb" switches is that the former offers no end-user configuration, but how do you succinctly distinguish between a switch that offers, say, only the ability to force link speeds on specific ports, and a switch that offers link bonding and IGMP snooping and VLANs, and etc., etc., etc.? Use the terms "Prosumer" and "Enterprise"? [0]
But yeah, naming is hard... case in point:
> vs. non-configurable switches that may also be "smart", i.e., a "dumb" switch is really just a hub
Perhaps this was a brain fart on your part, because that's completely incorrect. An Ethernet hub does absolutely no filtering... all traffic that enters on one port is flooded to all other ports on the device. This means that Ethernet collision detection is essential for operation when attached to a hub, and total throughput decreases sharply when one has many chatty stations on one's LAN. The feature that distinguishes a switch from a hub is that a switch doesn't flood unicast traffic because it learns which ports have which MAC addresses behind them and routes traffic based on that information.
[0] Though, if I were king of the world, every consumer-grade switch would have the features of a low-to-mid-range managed switch. While I understand why things are the way they are, it's a crying shame that dumbswitches are the norm.
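The hub-versus-switch distinction made above (a hub floods everything; a switch learns which MAC sits behind which port and filters unicast) is easy to see in a few dozen lines. This is an added example, not code from any commenter; it is a deliberately simplified model with no address aging, no spanning tree and no VLAN awareness, and the per-port address limit of 8 is an assumed value standing in for the port-security threshold a managed switch would let you set. It also shows why unknown-unicast and broadcast traffic is flooded even on a switch, and how a monitor that counts learned source addresses per port can flag a port whose table usage looks abnormal.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for broadcast/multicast: the I/G bit is bit 0 of the first octet."""
    return int(mac.split(":")[0], 16) & 1 == 1


def hub_forward(num_ports: int, in_port: int) -> List[int]:
    """A hub has no table: every frame goes out every other port."""
    return [p for p in range(num_ports) if p != in_port]


@dataclass
class LearningSwitch:
    num_ports: int
    max_macs_per_port: int = 8                       # assumed port-security limit
    table: Dict[str, int] = field(default_factory=dict)              # MAC -> port
    seen_on_port: Dict[int, Set[str]] = field(default_factory=lambda: defaultdict(set))
    alerts: List[str] = field(default_factory=list)

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        """Learn src on in_port, then return the egress port list for dst."""
        if not is_group_address(src):
            self.table[src] = in_port          # a moved host simply overwrites
            self.seen_on_port[in_port].add(src)
            n = len(self.seen_on_port[in_port])
            if n > self.max_macs_per_port:
                self.alerts.append(
                    f"port {in_port}: {n} distinct source MACs, limit {self.max_macs_per_port}")
        flood = [p for p in range(self.num_ports) if p != in_port]
        if is_group_address(dst):              # broadcast/multicast: flood
            return flood
        out = self.table.get(dst)
        if out is None:                        # unknown unicast: flood, hub-like
            return flood
        if out == in_port:                     # destination is on the ingress port: filter
            return []
        return [out]


if __name__ == "__main__":
    # Constructed walk-through: host A on port 0, host B on port 1, 4-port switch.
    A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    sw = LearningSwitch(num_ports=4)
    print("hub, anything from port 0 ->", hub_forward(4, 0))
    print("A->B, B unknown, flooded   ->", sw.forward(0, A, B))
    print("B->A, A learned, unicast   ->", sw.forward(1, B, A))
    print("A->B, both learned         ->", sw.forward(0, A, B))
    print("A->broadcast, still flooded->", sw.forward(0, A, BROADCAST))
    print("C on port 2 -> A           ->", sw.forward(2, C, A))
    # Nine different source addresses behind port 3 (e.g. a downstream hub)
    # cross the assumed limit and raise a single alert.
    for i in range(9):
        sw.forward(3, f"02:00:00:00:01:{i:02x}", A)
    print("alerts:", sw.alerts)
```

The key observation for the thread: even a "dumb" switch keeps this table in hardware, so it does not behave like a hub in steady state; it only falls back to flooding for destinations it has not yet learned or for group addresses, and a managed switch's port-security limit is the knob that caps how many entries any one port may contribute.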