On 1/3/21 1:04 PM, David Hobach wrote:
On 1/3/21 12:43 PM, haaber wrote:
Hello, I have an intriguing problem, partially qubes-related. I have a
"intruder" in my wifi network. I have no idea how to physically localise
that offensive antenna, but that is not a qubes subject (if you have any
ideas, they are welcome!). Of course I can just change the SSID and pwd,
but this is not the whole point:

When I portscan the offensive object using nmap (all ports are
filtered.) it counter-fires and kills off my mirage-firewall!  That is
fancy. The network structure is

sys-net - mirage-firewall -qubes-firewall - dispVM

and nmap runs in dispVM. I am quite surprised and willing to "play" a
bit with this enemy, but I would need some help. In particular: How can
I log packets while scanning? Is there a way to find out how/why the
mirage firewall (0.7) dies? That suggests a weakness which is relevant
to many of us! Cheers, Bernhard

Your firewalls might interfere with the nmap replies and thus everything
is shown as filtered.
I did it in sys-net but they remain "filtered". That is not a
firewall-artefact.


Maybe nmap causes the mirage death. That wouldn't be a good job by
mirage though and should be reported as a bug to the dev.
I thought that, too. How would I verify it is really nmap? As a test, I
scanned two phones in my wifi (in the same dispVM), without any trouble,
using the same command. I re-scanned the offensive object, 181 seconds
later mirage is dead again. Fascinating.



P.S:  I will see if I can use my phone as AP honeypot using the same SSID
& pwd to find that antenna using signal strength (the idea is that I can
move it), but usually that is very hard, due to natural "shadows" and
reflections.

