verify currently running software on ram

Tassos Chatzithomaoglou achatz at forthnet.gr
Mon Jan 13 12:09:19 UTC 2014


That verifies the software that is stored somewhere, not the currently running one.

An "insider" could load "hacked" software into flash, boot the router with that file (supposing that he has found a way to do so) and then replace the file on the flash with the real one.
How can you verify that the running software is actually the original one?

--
Tassos

Saku Ytti wrote on 13/1/2014 12:46:
> On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
>
>> I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.
> IOS: verify /md5 flash:file
> JunOS: file checksum md5|sha-256|sha1 file
>
> But if your system is owned, maybe the verification reads the filename and outputs
> the expected hash instead of the correct hash.
>




