Am Montag, 12. September 2016 01:29:14 UTC+2 schrieb neilh...@gmail.com:
> Qubes uses VT-D to protect against DMA attacks on things such as WiFi chip.
>
> But are there any proven DMA attacks against wired networking, i.e.
> Ethernet..?
>
> Hackers can exploit a buffer overflow on the network card's firmware, and use
> that to take control of the network card, and issue a DMA attack to take
> control of the entire host computer.
>
> I previously posted a thread about this on qubes-users ("Question on DMA
> attacks")
> ... and Marek mentioned WiFi when speaking of DMA attacks.
>
> Is Ethernet also vulnerable...? Or just WiFi..?
>
> I say this because I wanted to build a Tor router that sits between Qubes and
> my main router... so that even if Qubes gets hacked, they can only see what
> I'm doing, and not WHO I am. The theory being, that there are no exploits for
> Tor itself, and only for the Firefox browser. Thus, the IP address is always
> obscured behind the Tor router.
>
> So my router box is going to have Ethernet only, because if my Qubes is
> hacked, then it could just use WiFi to scan for nearby routers, including my
> own WiFi router, and thus identify me.
>
> So, wired networking is a must.
>
> And thus, I wanted to know if Ethernet is vulnerable to DMA attacks, because
> if it is, then I would have to use Qubes for the Tor box in the middle.. or
> at least, use some OS that supports VT-D, even if it's not Qubes.
>
> Qubes has high system requirements, thus I'd prefer to have a cheap computer
> as the Tor router in the middle.. But if there truly are exploits against
> Ethernet, then I'll just have to use Qubes.
VT-d can do memory insulation, and should assign a memory range (pci-address
space of a pci device) exclusively to one VM, so the attacker of that hw can do
DMA into that VM, if done properly.
But there is that evil ME in the Northbridge. How does the ME-processor behave
regarding VT-d? Can it be assigned exclusively to a honey-pot-vm that runs
windows2000?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6197ee2d-d60c-4d33-b26f-618ab23e5eac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
