Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files

An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands.

Cisco said that there are “no workarounds” to address the vulnerability, but it said that disabling Telnet would “eliminate” some risks.

Source: Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files | ZDNet

Nanoscale optical switch breaks miniaturization barrier

The ultrafast switch is made out of an artificial material engineered to have properties that are not found in nature. In this case, the “metamaterial” consists of nanoscale particles of vanadium dioxide (VO2) – a crystalline solid that can rapidly switch back and forth between an opaque, metallic phase and a transparent, semiconducting phase – which are deposited on a glass substrate and coated with a “nanomesh” of tiny gold nanoparticles.

The scientists report that bathing these gilded nanoparticles with brief pulses from an ultrafast laser generates hot electrons in the gold nanomesh that jump into the vanadium dioxide and cause it to undergo its phase change in a few trillionths of a second.

via Nanoscale optical switch breaks miniaturization barrier | Research News @ Vanderbilt | Vanderbilt University.

Zero-Day Flaws Found, Patched In Siemens Switches

The Siemens switch zero-day vulnerabilities are in the Web server interface to the devices. The researcher says the first of the two zero-day flaws he found in the Siemens SCALANCE X-200 switch was basic: a poorly constructed session ID setup, which would allow an attacker to hijack an administrative session on the switch without credentials. The session ID basically exposes the client’s IP address so an attacker could then hijack the admin’s Web-based session while managing the switch. “But you don’t log onto these switches very often — maybe once a year – so, in that sense, it’s a weak vulnerability,” he says.

The more critical zero-day Leverett found in the switch was the second one, which would let an attacker take over the admin operations of the switch — no authentication required. The attacker could then download any network configuration information, or upload a malware-ridden firmware update, for example, Leverett says. “The device assumes if you know the URL, you must have authentication. But it never asks you to authenticate [for it],” he says.

via Zero-Day Flaws Found, Patched In Siemens Switches — Dark Reading.

Groundbreaking Results for High Performance Trading with FPGA and x86 Technologies

As market data enters the switch, the Ethernet frame is parsed serially as bits arrive, allowing partial information to be extracted and matched before the whole frame has been received.

Then, instead of waiting until the end of a potential triggering input packet, pre-emption is used to start sending the overhead part of a response which contains the Ethernet, IP, TCP and FIX headers. This allows completion of an outgoing order almost immediately after the end of the triggering market feed packet.

The overall effect is a dramatic reduction in latency to close to the minimum that is theoretically possible.

via Groundbreaking Results for High Performance Trading with FPGA and x86 Technologies | Low-Latency.com.

Open Compute to open source high-end network switches

That said, many high-speed switches today use BSD Unix as their basis. While many say that the OCP is starting with a “clean sheet of paper”, the ultimate goal of the project seems to be to give datacenter administrators a “bare metal network switch”. I think it’s likely that BSD will lie at its heart. After all, why reinvent the wheel?

via Open Compute to open source high-end network switches | ZDNet.

HP Calls Out Cisco With Data-Center Switches

The star of HP’s show, or at least the product with the biggest number, is the FlexFabric 12900 core switch, which can fit 768 10Gbit/s ports or 256 40Gbit/s ports. Cisco’s 18-slot Nexus 7018 claims to have the same 10Gbit/s density but only has cards to support 96 40Gbit/s ports.

via Light Reading – HP Calls Out Cisco With Data-Center Switches.

Open vSwitch

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag). In addition, it is designed to support distribution across multiple physical servers similar to VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V. See the full feature list here.

via Open vSwitch.

Capturing Traffic Using SPAN, RSPAN, and VACLs

To enable the ability to capture traffic sent and received on other switch ports, Cisco Catalyst switches include a feature called the switch port analyzer feature (SPAN), as well as remote SPAN (RSPAN) and VLAN access control lists (VACLs).

via CCNP Practical Studies: Switching | Scenario 10-6: Capturing Traffic Using SPAN, RSPAN, and VACLs | InformIT.

SPAN is the traditional method of monitoring LAN traffic on Cisco switches. SPAN uses the concept of mirroring traffic from a set of source ports to a single destination port, which has a network capture tool connected to it.
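The local SPAN and RSPAN setups described above, as an added configuration example that is not taken from the CCNP scenario or from Cisco documentation. It assumes Catalyst IOS syntax; the interface numbers (Gi1/0/1-2, Gi1/0/5, Gi1/0/24) and RSPAN VLAN 900 are placeholders chosen for illustration.

```cisco
! Constructed example; interface names and VLAN 900 are assumptions.
!
! --- Local SPAN on a single Catalyst switch ---
! Mirror both directions of Gi1/0/1 and Gi1/0/2 to Gi1/0/24, where the
! capture host (tcpdump/Wireshark) is attached.
configure terminal
 monitor session 1 source interface GigabitEthernet1/0/1 - 2 both
 monitor session 1 destination interface GigabitEthernet1/0/24
end
!
! Verify the session. The destination port is receive-only for the capture
! host unless "ingress" is added to the destination line.
show monitor session 1
!
! --- RSPAN across two switches ---
! Switch A (where the monitored port lives): create the RSPAN VLAN and
! direct mirrored frames into it. VLAN 900 must be carried on the trunk
! between the two switches.
configure terminal
 vlan 900
  name RSPAN-Monitor
  remote-span
 exit
 monitor session 2 source interface GigabitEthernet1/0/5 both
 monitor session 2 destination remote vlan 900
end
!
! Switch B (where the analyzer sits): the same VLAN must also be marked
! remote-span here, then it is drained onto the capture port.
configure terminal
 vlan 900
  name RSPAN-Monitor
  remote-span
 exit
 monitor session 2 source remote vlan 900
 monitor session 2 destination interface GigabitEthernet1/0/24
end
!
! Operational checks on either switch
show monitor session 2
show vlan remote-span
```

A SPAN destination port silently drops frames once the mirrored sources exceed its bandwidth, so compare capture counts against interface counters before treating a capture as complete.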