verify currently running software on ram

Tassos Chatzithomaoglou achatz at
Mon Jan 13 12:09:19 UTC 2014

That verifies the software that is stored somewhere, not the currently running one.

Someone "insider" could load a "hacked" software into flash, boot the router with that file (supposing that he has found a way to do so) and then replace the file on the flash with the real one.
How can you verify that the running software is actually the original one?


Saku Ytti wrote on 13/1/2014 12:46:
> On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
>> I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.
> IOS: verify /md5 flash:file
> JunOS: filechecksum md5|sha-256|sha1 file
> But if your system is owned, maybe the verification reads filename and outputs
> expected hash instead of correct hash.

More information about the NANOG mailing list