[168150] in North American Network Operators' Group


Re: verify currently running software on ram

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Jan 13 07:45:39 2014

To: Tassos Chatzithomaoglou <achatz@forthnet.gr>
In-Reply-To: Your message of "Mon, 13 Jan 2014 12:26:02 +0200."
 <52D3BF3A.1040905@forthnet.gr>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 13 Jan 2014 07:44:49 -0500
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 13 Jan 2014 12:26:02 +0200, Tassos Chatzithomaoglou said:

> I'm looking for ways to verify that the currently running software on our
> Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.

In general, asking the operating system if it's pwned is an insoluble
problem, because the pwner will of course arrange that the answer to such
a query be "No, I'm not pwned".

You really need assistance from one layer further down - if you're in a
VM, you need to ask the hypervisor.  If you're on bare metal, you need to
ask the SMM or equivalent.  If you're in the SMM, you need to ask the
hardware.  And of course, at each level, you have to ask yourself how you
know that *that* level isn't lying to you....

(Yes, this is the corner of system security where, if you're not already
a paranoid schizophrenic, you will be soon.. :)
