[104778] in North American Network Operators' Group
Re: IOS Rookit: the sky isn't falling (yet)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue May 27 13:35:56 2008
To: Chris Grundemann <cgrundemann@gmail.com>
In-Reply-To: Your message of "Tue, 27 May 2008 11:24:19 MDT."
<443de7ad0805271024o199dc443u6f907eda871433f8@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 27 May 2008 13:35:41 -0400
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1211909741_3133P
Content-Type: text/plain; charset=us-ascii
On Tue, 27 May 2008 11:24:19 MDT, Chris Grundemann said:
> Like MD5 File Validation? - "MD5 values are now made available on
> Cisco.com for all Cisco IOS software images for comparison against
> local system image values."
That does wonders for catching a corruption in the FTP that wasn't caught
by the relatively weak TCP checksumming.
But if the attacker has the wherewithal to cause a modified file to be
downloaded (either by replacing it on the real server, or getting you to
visit a fake server), they can also present you with a webpage that has an
MD5 hash that matches the modified file.
Now, if they provided a PGP signature of the file, done with a key that I
have reason to trust, *that* raises the bar significantly...
--==_Exmh_1211909741_3133P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFIPEZtcC3lWbTT17ARAtzHAJwO2zjwnGSbZAQJOIInz7hpWBE6rACfdxlw
6fY9EelObgYQQnTmK7t0Tdo=
=6L/R
-----END PGP SIGNATURE-----
--==_Exmh_1211909741_3133P--
