[168146] in North American Network Operators' Group
Re: verify currently running software on ram
daemon@ATHENA.MIT.EDU (Tassos Chatzithomaoglou)
Mon Jan 13 07:09:50 2014
Date: Mon, 13 Jan 2014 14:09:19 +0200
From: Tassos Chatzithomaoglou <achatz@forthnet.gr>
To: Saku Ytti <saku@ytti.fi>, nanog@nanog.org
In-Reply-To: <20140113104651.GA25317@pob.ytti.fi>
That verifies the software that is stored somewhere, not the currently running one.
An "insider" could load "hacked" software into flash, boot the router with that file (supposing that he has found a way to do so), and then replace the file on the flash with the real one.
How can you verify that the running software is actually the original one?
--
Tassos
Saku Ytti wrote on 13/1/2014 12:46:
> On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
>
>> I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.
> IOS: verify /md5 flash:file
> JunOS: file checksum md5|sha-256|sha1 file
>
> But if your system is owned, maybe the verification reads filename and outputs
> expected hash instead of correct hash.
>