yggdrasil & qubes netvm question
8 views
Skip to first unread message
Oleg Artemiev
Jun 10, 2022, 9:29:22 AM6/10/22
to Qubes Users
1) Has anyone succeeded in enabling the yggdrasil network in NetVM qube?
I'm thinking about Qubes standalone PC as a server machine with the
ability to use NetVM as a shell box via yggdrasil IP.
2) BTW: it should open an attack surface on the NetVM. Is it right
that this will open the attack surface to the NetVM only or yggdrasils
multicast announces are about to interfere with other qubes?
--
Bye.
https://keybase.io/grey_olli
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/
I'm thinking about Qubes standalone PC as a server machine with the
ability to use NetVM as a shell box via yggdrasil IP.
2) BTW: it should open an attack surface on the NetVM. Is it right
that this will open the attack surface to the NetVM only or yggdrasils
multicast announces are about to interfere with other qubes?
--
Bye.
https://keybase.io/grey_olli
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/
Demi Marie Obenour
Jun 10, 2022, 1:15:25 PM6/10/22
to Oleg Artemiev, Qubes Users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, Jun 10, 2022 at 04:29:08PM +0300, Oleg Artemiev wrote:
> 1) Has anyone succeeded in enabling the yggdrasil network in NetVM qube?
> I'm thinking about Qubes standalone PC as a server machine with the
> ability to use NetVM as a shell box via yggdrasil IP.
I suggest not running the server in sys-net if possible, and instead
running it in a qube attached to sys-net. sys-net has lots of attack
surface against the hypervisor via the PCI devices attached to it.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjfCMACgkQsoi1X/+c
IsHGBRAAstI3qMSbYWwTr5Hfq235YJwNtZFyePXaYcze5mhWfje7fH0eZiM6V8RA
qbcQ2V4LLuHIGELemK7wrk9ELt9So3LThNaW+Xx+YFIzpzkcQp+mxwbDx8Je4xnQ
VkuXlzBLp6rLN/R6Ezs4xgTiaM1Xq+UR3s4pUYriYX7mOUM8tF7BeSlHnEJ7+/It
JPpBdX+GuA/EUxH9BF4IumkUvSdEU9R82cF4Gw/XGdfAg+rmethL9ZAn3BxYVRf0
uaHlOD0Cm3lKGzzhgXfAKToRbNUcOIG0JrYZ3dNafsu+6RWGhhfEb2f0R9q0gnZ8
L0uO/n7+GedtRExhTD9t/t2PO9wRu4UeLAADVz9y6ROgyd15tn3/U1H6DHTqsN2A
j86l/7rQNEN1gkE1udA+KQafGudb9IVg7/SOC66sMEhcLehSP9/Vj7bSYfSVL+8w
8kINXDOpHA9asOu6AKLxEnFTKBA8yLTZzuMEUouUN8mk9rjdkvVmA8hkL5KXkyy3
Q9w/4bLwDD5Bt7XweLXgD6m7yOj+zgKR1SHGRODlUrPZ8LH99SzsnLk9NL5WiQIe
eTm9/HS2WSNlqSRMt4GONob9GIlg3mHIbNtXdDVxWy5R7HmODaZnXCkRYoGUcJJT
hqaENpR0iXSWWpzMLOwDrbIC1pm02oWVRRU3BaSuJoPquH4slNo=
=RKYH
-----END PGP SIGNATURE-----
Hash: SHA256
On Fri, Jun 10, 2022 at 04:29:08PM +0300, Oleg Artemiev wrote:
> 1) Has anyone succeeded in enabling the yggdrasil network in NetVM qube?
> I'm thinking about Qubes standalone PC as a server machine with the
> ability to use NetVM as a shell box via yggdrasil IP.
running it in a qube attached to sys-net. sys-net has lots of attack
surface against the hypervisor via the PCI devices attached to it.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKjfCMACgkQsoi1X/+c
IsHGBRAAstI3qMSbYWwTr5Hfq235YJwNtZFyePXaYcze5mhWfje7fH0eZiM6V8RA
qbcQ2V4LLuHIGELemK7wrk9ELt9So3LThNaW+Xx+YFIzpzkcQp+mxwbDx8Je4xnQ
VkuXlzBLp6rLN/R6Ezs4xgTiaM1Xq+UR3s4pUYriYX7mOUM8tF7BeSlHnEJ7+/It
JPpBdX+GuA/EUxH9BF4IumkUvSdEU9R82cF4Gw/XGdfAg+rmethL9ZAn3BxYVRf0
uaHlOD0Cm3lKGzzhgXfAKToRbNUcOIG0JrYZ3dNafsu+6RWGhhfEb2f0R9q0gnZ8
L0uO/n7+GedtRExhTD9t/t2PO9wRu4UeLAADVz9y6ROgyd15tn3/U1H6DHTqsN2A
j86l/7rQNEN1gkE1udA+KQafGudb9IVg7/SOC66sMEhcLehSP9/Vj7bSYfSVL+8w
8kINXDOpHA9asOu6AKLxEnFTKBA8yLTZzuMEUouUN8mk9rjdkvVmA8hkL5KXkyy3
Q9w/4bLwDD5Bt7XweLXgD6m7yOj+zgKR1SHGRODlUrPZ8LH99SzsnLk9NL5WiQIe
eTm9/HS2WSNlqSRMt4GONob9GIlg3mHIbNtXdDVxWy5R7HmODaZnXCkRYoGUcJJT
hqaENpR0iXSWWpzMLOwDrbIC1pm02oWVRRU3BaSuJoPquH4slNo=
=RKYH
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages