nanog mailing list archives

Re: Synful Knock questions...

From: Michael Douglas <Michael.Douglas () IEEE org>
Date: Tue, 15 Sep 2015 14:50:06 -0400

Wouldn't the calculated MD5/SHA sum for the IOS file change once it's
modified (irrespective of staying the same size)?  I'd be interested to see
if one of these backdoors would pass the IOS verify command or not.  Even
if the backdoor changed the verify output; copying the IOS file off the
router and MD5/SHA summing it on another host should show a difference.  I
guess maintaining the file size is to prevent something like RANCID firing
off a diff on the flash dir output.

Current thread:

Synful Knock questions... eric-list (Sep 15)
- Re: Synful Knock questions... Michael Douglas (Sep 15)
  - Re: Synful Knock questions... Ricky Beam (Sep 15)
- Re: Synful Knock questions... Jake Mertel (Sep 15)
  - Re: Synful Knock questions... Michael Douglas (Sep 15)
    - Re: Synful Knock questions... Jake Mertel (Sep 15)
    - Re: Synful Knock questions... Valdis . Kletnieks (Sep 15)
    - Re: Synful Knock questions... Jake Mertel (Sep 15)
    - Re: Synful Knock questions... Jared Mauch (Sep 15)
  - Re: Synful Knock questions... Marcin Cieslak (Sep 15)
  - Re: Synful Knock questions... Stephen Satchell (Sep 15)
    - Re: Synful Knock questions... Valdis . Kletnieks (Sep 15)
    - Re: Synful Knock questions... Alain Hebert (Sep 15)
    - Re: Synful Knock questions... Blake Hudson (Sep 15)
    - Re: Synful Knock questions... Paul Ferguson (Sep 15)

(Thread continues...)