Re: [qubes-users] Q: attaching a partition to a VM vs. attaching the whole disk
On 1/3/21 3:53 PM, unman wrote:
> On Sat, Jan 02, 2021 at 06:18:52PM +0100, Ulrich Windl wrote:
>> Hi!
>>
>> I have an effect I'm wondering about:
>> My USB stick has partitions on it, one being FAT having a KeePass DB in it.
>> When I attach that partition to a VM (e.g. vault) and try to access the partition, I see no mountable disk in the file manager (e.g. from KeePassXC).
>> However when I attach the whole stick to the VM, I see all partitions being offered to mount in the file manager under "Other locations".
>>
>> Is this the way it should be? I'd like to attach only the partition needed, but usability forces me to attach the whole stick...

You can mount the partition only on the command-line, maybe it's a UI issue by the file manager you use.

Possibly interesting for your use case: https://github.com/3hhh/qcrypt

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e955dd98-09bf-0005-6ab4-2ed97d05d5b0%40hobach.de.
Re: [qubes-users] Q: attaching a partition to a VM vs. attaching the whole disk
On Sat, Jan 02, 2021 at 06:18:52PM +0100, Ulrich Windl wrote:
> Hi!
>
> I have an effect I'm wondering about:
> My USB stick has partitions on it, one being FAT having a KeePass DB in it.
> When I attach that partition to a VM (e.g. vault) and try to access the
> partition, I see no mountable disk in the file manager (e.g. from
> KeePassXC).
> However when I attach the whole stick to the VM, I see all partitions being
> offered to mount in the file manager under "Other locations".
>
> Is this the way it should be? I'd like to attach only the partition needed,
> but usability forces me to attach the whole stick...
>
> Regards,
> Ulrich
>

It is how it should be.
As you are attaching a partition there is no disk for the "file manager" to identify, and scan for partitions.
Your usability concern could be addressed by automounting /dev/xvdi.., or by using a helper script in dom0 to mount at a custom mount point when you attach that partition to vault.
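One way the dom0 helper script suggested in the reply above could look, as an added example that is not part of the original thread: it attaches a single partition to a qube and mounts it at a custom mount point. The backend device `sys-usb:sda1`, the mount point `/mnt/keepass`, the `DRY_RUN` switch and all function names are assumptions; `/dev/xvdi` is the device name from the reply and holds only when no other block device is already attached to the qube.

```sh
#!/bin/sh
# Added example: dom0 helper that attaches ONE partition to a qube and mounts
# it there, so the other partitions on the stick are never exposed to the qube.
# Assumed values (not from the thread): sys-usb:sda1, /mnt/keepass.
# DRY_RUN=1 prints the commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only BACKEND:sdXN (a partition). "sys-usb:sda" would hand the whole
# disk to the qube, which is what this helper exists to avoid.
is_partition() {
    case "$1" in
        *[!A-Za-z0-9_:-]*) return 1 ;;
        ?*:sd[a-z][0-9]|?*:sd[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

attach_and_mount() {
    vm=$1 dev=$2 mnt=$3
    is_partition "$dev" || { echo "refusing non-partition: $dev" >&2; return 1; }
    # The mount point is interpolated into a command line run as root inside
    # the qube, so allow only an absolute path made of plain path characters.
    case "$mnt" in
        ''|[!/]*|*[!A-Za-z0-9_/.-]*) echo "unsafe mount point" >&2; return 1 ;;
    esac
    run qvm-block attach "$vm" "$dev" || return 1
    # nosuid,nodev,noexec: the FAT volume only carries data (the KeePass DB).
    run qvm-run --user root --pass-io "$vm" \
        "mkdir -p $mnt && mount -o nosuid,nodev,noexec /dev/xvdi $mnt"
}

detach_clean() {
    vm=$1 dev=$2 mnt=$3
    run qvm-run --user root --pass-io "$vm" "umount $mnt" || return 1
    run qvm-block detach "$vm" "$dev"
}

# Usage from dom0: ./attach-part.sh vault sys-usb:sda1 /mnt/keepass
if [ "$#" -eq 3 ]; then
    attach_and_mount "$@"
fi
```

Running it with `DRY_RUN=1` first shows exactly which `qvm-block` and `qvm-run` commands would be issued.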
Re: [qubes-users] wireless " intruder "
On 1/3/21 12:43 PM, haaber wrote:
> In particular: How can I log packets while scanning?

If mirage died due to incoming packets, you should see the offensive payload with e.g. wireshark. The attack couldn't be on a lower layer as that is handled by your wifi driver in sys-net only.

In companies triangulation tends to be used to find wifi attackers IIRC. So you're likely on the right path.
Re: [qubes-users] wireless " intruder "
On 1/3/21 1:04 PM, David Hobach wrote:
> On 1/3/21 12:43 PM, haaber wrote:
>> Hello,
>>
>> I have an intriguing problem, partially qubes-related. I have an "intruder" in my wifi network. I have no idea how to physically localise that offensive antenna, but that is not a qubes subject (if you have any ideas, they are welcome!). Of course I can just change the SSID and pwd, but this is not the whole point:
>>
>> When I portscan the offensive object using nmap (all ports are filtered.) it counter-fires and kills off my mirage-firewall! That is fancy. The network structure is sys-net - mirage-firewall - qubes-firewall - dispVM and nmap runs in dispVM. I am quite surprised and willing to "play" a bit with this enemy, but I would need some help.
>>
>> In particular: How can I log packets while scanning? Is there a way to find out how/why the mirage firewall (0.7) dies? That suggests a weakness which is relevant to many of us!
>>
>> Cheers, Bernhard
>
> Your firewalls might interfere with the nmap replies and thus everything is shown as filtered.

I did it in sys-net but they remain "filtered". That is not a firewall-artefact.

> Maybe nmap causes the mirage death. That wouldn't be a good job by mirage though and should be reported as bug to the dev.

I thought that, too. How would I verify it is really nmap? As a test, I scanned two phones in my wifi (in the same dispVM), without any trouble, using the same command. I re-scanned the offensive object, 181 seconds later mirage is dead again. Fascinating.

P.S: I will see if I can use my phone as AP honeypot using the same SSID & pwd to find that antenna using signal strength (the idea is that I can move it), but usually that is very hard, due to natural "shadows" and reflections.
Re: [qubes-users] wireless " intruder "
On 1/3/21 12:43 PM, haaber wrote:
> Hello,
>
> I have an intriguing problem, partially qubes-related. I have an "intruder" in my wifi network. I have no idea how to physically localise that offensive antenna, but that is not a qubes subject (if you have any ideas, they are welcome!). Of course I can just change the SSID and pwd, but this is not the whole point:
>
> When I portscan the offensive object using nmap (all ports are filtered.) it counter-fires and kills off my mirage-firewall! That is fancy. The network structure is sys-net - mirage-firewall - qubes-firewall - dispVM and nmap runs in dispVM. I am quite surprised and willing to "play" a bit with this enemy, but I would need some help.
>
> In particular: How can I log packets while scanning? Is there a way to find out how/why the mirage firewall (0.7) dies? That suggests a weakness which is relevant to many of us!
>
> Cheers, Bernhard

Your firewalls might interfere with the nmap replies and thus everything is shown as filtered. Also the above network setup looks weird (why two firewalls in a chain?).

Maybe nmap causes the mirage death. That wouldn't be a good job by mirage though and should be reported as bug to the dev.

Anyway I'd recommend doing nmap directly from sys-net or from a VM that is directly connected to sys-net.
[qubes-users] wireless " intruder "
Hello,

I have an intriguing problem, partially qubes-related. I have an "intruder" in my wifi network. I have no idea how to physically localise that offensive antenna, but that is not a qubes subject (if you have any ideas, they are welcome!). Of course I can just change the SSID and pwd, but this is not the whole point:

When I portscan the offensive object using nmap (all ports are filtered.) it counter-fires and kills off my mirage-firewall! That is fancy. The network structure is sys-net - mirage-firewall - qubes-firewall - dispVM and nmap runs in dispVM. I am quite surprised and willing to "play" a bit with this enemy, but I would need some help.

In particular: How can I log packets while scanning? Is there a way to find out how/why the mirage firewall (0.7) dies? That suggests a weakness which is relevant to many of us!

Cheers, Bernhard