What would happen if my internet network is hacked while using Qubes?

I was thinking about these words: “Qubes OS: The Operating System That Can Protect You Even If You Get Hacked”
I was wondering if Qubes can protect me even if my network got hacked.

I would suggest reading these pages, as they probably do a better job of explaining the basics of Qubes security more completely than me:

The short answer would likely be “It depends, but you’ll most likely stay secure so long as you use Qubes OS properly.”

2 Likes

Qubes already assumes the network is compromised. See the links @tech3599 helpfully provided (and the rest of the documentation) to learn more.

1 Like

What can the person who hacked my network see?

Are there thoughts on the outputs that will show the person trying to hack my network?

If you install and run an application such as tcpdump within your template for sys-net vm you will be able to see the traffic on the wire as the hacker might see it. There are a number of network trace applications but it’s best to keep the footprint small in sys-net.

sys-net> sudo tcpdump -i eth0

Replace the above with your external interface on your network card. You will likely see a lot of stuff flying by, so you might want to redirect it and capture a few seconds of output and then go look up on the internet what each entry means. That following discussion will not be a Qubes-specific discussion, so look for a network-related forum for extending that conversation.

1 Like

All the traffic from your Qubes box.
They would be able to see where the traffic was going, and what sort
of traffic it is (http, https, ssh, etc. - update checks, time checks, checks for
mail, sending mail).
If the traffic is not encrypted, they would be able to read the
contents.
For encrypted traffic they might be able to deduce the contents.

They would be able to see that you are using Qubes, and whether you were
using Tor.
They would likely be able to guess which templates you are using, and
which packages are installed.
Depending on the resources they have they may be able to deanonymize
you.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
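
To make the two replies above concrete, here is an added example (not written by anyone in this thread) that reads `tcpdump -nn` text output and groups it the way a passive observer on the network could: by remote endpoint, service, and whether the payload is encrypted. The capture lines are constructed, and the port-to-service table and the `observer_view` name are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# Assumption: a well-known port implies the service and whether the payload
# is encrypted in transit. Real traffic can use other ports.
SERVICES = {22: ("ssh", True), 25: ("smtp", False), 53: ("dns", False),
            80: ("http", False), 123: ("ntp", False), 443: ("https", True)}

# Address part of an IPv4 line printed by `tcpdump -nn`:
#   <time> IP <src>.<sport> > <dst>.<dport>: <details>
LINE = re.compile(r"\sIP\s(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s>\s"
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s(?P<rest>.*)$")
DNS_QUERY = re.compile(r"\s(?:A|AAAA)\?\s(?P<name>\S+?)\.?\s")

# Constructed sample capture (documentation address ranges, not real hosts).
SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.40000 > 198.51.100.53.53: 4242+ A? updates.example.org. (37)
10:00:00.020001 IP 198.51.100.53.53 > 192.0.2.10.40000: 4242 1/0/0 A 203.0.113.80 (53)
10:00:00.030001 IP 192.0.2.10.40002 > 203.0.113.80.80: Flags [P.], seq 1:120, ack 1, win 502, length 119: HTTP: GET /repo/metadata HTTP/1.1
10:00:01.000001 IP 192.0.2.10.40004 > 203.0.113.44.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
10:00:01.500001 IP 192.0.2.10.123 > 203.0.113.12.123: NTPv4, Client, length 48
""".splitlines()

def observer_view(lines):
    """Group packets by remote endpoint and report what a passive observer learns."""
    flows = defaultdict(lambda: {"packets": 0, "names": set()})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 and other non-matching lines are skipped
        sport, dport = int(m["sport"]), int(m["dport"])
        # The side using a well-known port is treated as the remote service.
        if dport not in SERVICES and sport in SERVICES:
            remote, port = m["src"], sport
        else:
            remote, port = m["dst"], dport
        service, encrypted = SERVICES.get(port, ("unknown", None))
        flow = flows[(remote, port)]
        flow.update(service=service, encrypted=encrypted)
        flow["packets"] += 1
        # DNS is plaintext, so the queried hostname itself is exposed.
        q = DNS_QUERY.search(f" {m['rest']} ") if service == "dns" else None
        if q:
            flow["names"].add(q["name"])
    return dict(flows)

if __name__ == "__main__":
    for (remote, port), info in sorted(observer_view(SAMPLE).items()):
        print(remote, port, info)
```

To run it on your own traffic, save a few seconds of `sudo tcpdump -nn -i <interface>` output to a file and pass its lines to `observer_view`.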

@slcoleman What network related forums do you recommend?

@stuporchase There are so many forums, where to even start? I’ll just give you a few lists of forums to get you started. It all depends on what specific area of network security you would like to focus on. If you are using any specific software there will likely be forums for that software as well.

Lists of forums:

You may also want to search Shodan for your own IP address to see what exploits are actual threats for your specific situation.

https://www.shodan.io/

Then play with Etherape to visually watch what is actually happening on your local/virtual network.

list all your interfaces in a VM

appvm> ifconfig -a

then watch specific traffic on your various interfaces

e.g. watch wired internet traffic trying to probe you

sys-net> sudo etherape -i ens6

wireless traffic trying to probe you

sys-net> sudo etherape -i wls7

traffic from sys-firewall

sys-net> sudo etherape -i vif3.0

probably the best place to watch your own personal traffic in Qubes

sys-firewall> sudo etherape -i eth0

specific connections for each individual AppVM

sys-firewall> sudo etherape -i vif4.0
sys-firewall> sudo etherape -i vif5.0
sys-firewall> sudo etherape -i vif7.0

just substitute the proper interface <-i vif#.#> for your VM of interest to monitor

2 Likes