lik...@gmx.de:
> accept dns
> and
> accept icmp
> 1. Is my assumption correct that by that it's possible to exfiltrate data to
> any destination server using dns/icmp?

Yes.

> 2. What are practical solutions to mitigate that?
> a) delete "accept dns/icmp" rules in the firewall and add the
> corresponding IPs to the restricted domains/ips in /etc/hosts of the vm?

This is the simplest approach and what I do on a couple AppVMs. You'll
have to use the qvm-firewall command to delete them.
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots