[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.

Post Reply 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Transparent PC port [SOLVED]
Author Message
jolouis Offline

Posts: 339
Joined: Oct 2013
Reputation: 6
Post: #7
RE: Transparent PC port [SOLVED]
(11-25-2014 10:00 PM)Ret Wrote:  In a hub every port receives all traffic on the network. In a switch each port receives only its corresponding traffic (based on IP). That's why I used those two terms.
A switch typically operates on Layer 2 (MAC addresses) not Layer 3 (IP addresses). It maintains a MAC table of what devices are connected to what ports, and forwards traffic to those ports as required. I suppose in theory that provides a bit of security, but in reality the way switches discover devices on ports is so trivial and low level that any "attacker" could easily spoof an ARP request and convince the switch that it should also receive the data intended for another device.

Quote:My understanding is that "Span to PC" forwards ALL traffic to PC port. It evens forwards the packets from the internal "phone itself" port and that's where I see a small "security issue" (although it has VLAN tags). This is a hub behavior.

Have you tested that assumption by using wireshark to listen on the PC port and see if VLAN traffic shows up? Keep in mind you'd have to do layer 2 sniffing since your NIC will otherwise normally drop the packets before even presenting them to a higher layer (the IP stack).

Since the Yealink phones are all running a flavour of Linux I suspect you'll find that your assumptions are not correct. As I suggested previously, I would strongly believe that the phone is creating a bridge between the PC port and the Internet port. In Linux a bridge has it's own MAC table and operates just like a switch, keeping track of what target MACs exist on which port, and forwarding traffic accordingly. If it doesn't know what port the destined packet should go out of, it sends an ARP request and figures it out, just like a normal switch.

If you are worried that someone connected to the PC port could in theory reconfigure their PC to be on the voice VLAN and thus intercept traffic ("a security concern") I would argue that they could do that simply by yanking the cable out of the phone and connecting it directly to their computer (which is a trivial matter since you're assuming they'd know how to configure the VLAN on their PC and the phone is sitting on their desk).

All in all just trying to say don't go under the belief that VLANs themselves are providing you with network security.
11-27-2014 04:17 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 

Messages In This Thread
Transparent PC port [SOLVED] - Ret - 11-17-2014, 09:27 PM
RE: Transparent PC port - James_Yealink - 11-18-2014, 02:53 PM
RE: Transparent PC port - Ret - 11-18-2014, 08:52 PM
RE: Transparent PC port - Ret - 11-21-2014, 05:35 AM
RE: Transparent PC port [SOLVED] - jolouis - 11-24-2014, 11:49 PM
RE: Transparent PC port [SOLVED] - Ret - 11-25-2014, 10:00 PM
RE: Transparent PC port [SOLVED] - jolouis - 11-27-2014 04:17 AM
RE: Transparent PC port [SOLVED] - Ret - 11-28-2014, 04:30 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Add extra functionality to T48S USB port Bertin 0 5,331 06-19-2018 06:45 AM
Last Post: Bertin
Lightbulb Local SIP Port - Allow port range or port value equal to 0! ruiseixas 5 16,442 03-27-2017 05:48 PM
Last Post: VOIP
  Add USB port to power external device (DECT handset dock, headset, ...) oliv 2 9,420 12-27-2016 05:19 PM
Last Post: oliv

Forum Jump:

User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication