Synful Knock questions...

Michael Douglas Michael.Douglas at IEEE.org
Tue Sep 15 18:50:06 UTC 2015


Wouldn't the calculated MD5/SHA sum for the IOS file change once it's
modified (irrespective of staying the same size)?  I'd be interested to see
if one of these backdoors would pass the IOS verify command or not.  Even
if the backdoor changed the verify output; copying the IOS file off the
router and MD5/SHA summing it on another host should show a difference.  I
guess maintaining the file size is to prevent something like RANCID firing
off a diff on the flash dir output.



More information about the NANOG mailing list