Re: IOS Rookit: the sky isn't falling (yet)

[goemon () anime net]

On Tue, 27 May 2008, Valdis.Kletnieks () vt edu wrote:
> On Tue, 27 May 2008 11:24:19 MDT, Chris Grundemann said:
> > Like MD5 File Validation? - "MD5 values are now made available on
> > Cisco.com for all Cisco IOS software images for comparison against
> > local system image values."
> That does wonders for catching a corruption in the FTP that wasn't caught
> by the relatively weak TCP checksumming.
> But if the attacker has the wherewithal to cause a modified file to be
> downloaded (either by replacing it on the real server, or getting you to
> visit a fake server), they can also present you with a webpage that has an
> MD5 hash that matches the modified file.
> Now, if they provided a PGP signature of the file, done with a key that I
> have reason to trust, *that* raises the bar significantly...

What you want is cisco hardware that verifies firmware signatures in 
hardware.

-Dan