nanog mailing list archives
Re: IOS Rookit: the sky isn't falling (yet)
From: Adrian Chadd <adrian () creative net au>
Date: Wed, 28 May 2008 01:29:03 +0800
On Tue, May 27, 2008, Chris Grundemann wrote:
Sure, its not all fire and brimstone, but the bar -was- dropped a little, and somehow you need to make sure that the IOS thats sitting on your network management site is indeed the IOS that you put there in the first place..Like MD5 File Validation? - "MD5 values are now made available on Cisco.com for all Cisco IOS software images for comparison against local system image values."
Yes, but the only thing the router checks iirc is the old-style checksum, and not some oob provided md5 hash? And if you can exploit the management box itself, you can load your own MD5 hash in. This is all the sort of stuff that public key crypto and chains of trust were meant to solve, IIRC.. Adrian
Current thread:
- IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Alexander Harrowell (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Christopher Morrow (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Jared Mauch (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Gadi Evron (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Valdis . Kletnieks (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Adrian Chadd (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Chris Grundemann (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Adrian Chadd (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Valdis . Kletnieks (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) goemon (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Valdis . Kletnieks (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Sargun Dhillon (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Sean Donelan (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) goemon (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Sean Donelan (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Kevin Oberman (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Alexander Harrowell (May 27)
- RE: IOS Rookit: the sky isn't falling (yet) michael.dillon (May 27)
- Re: IOS Rookit: the sky isn't falling (yet) Valdis . Kletnieks (May 27)