On 09/25/2016 02:34 AM, neilhard...@gmail.com wrote:
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.

The Qubes machine is sharing its Internet connection.

Let's say the Qubes machine gets hit with a DMA attack.

The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for DMA 

Can the DMA attack be "carried forward" to the 2nd laptop... or is it killed 
for good by the Qubes machine..?


The former is true: A Qubes netvm (e.g. sys-net) is like having a separate router device. If its compromised it could launch (non-DMA) attacks against other devices on the net... AND against your appvms.

But proxyvms can help protect your other vms in various ways: A sys-firewall can filter packets with hardly any risk of being attacked itself. A VPN gateway can reject anything that doesn't belong to the encrypted packet stream. Etc...

Of course, non-networked VMs are the safest of all.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to