nanog mailing list archives

Re: verify currently running software on ram


From: Tassos Chatzithomaoglou <achatz () forthnet gr>
Date: Mon, 13 Jan 2014 14:09:19 +0200

That verifies the software that is stored somewhere, not the currently running one.

Someone "insider" could load a "hacked" software into flash, boot the router with that file (supposing that he has found a way to do so) and then replace the file on the flash with the real one.
How can you verify that the running software is actually the original one?

--
Tassos

Saku Ytti wrote on 13/1/2014 12:46:
> On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
>
>> I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is
>> also in the flash/hd/storage/etc.
> IOS: verify /md5 flash:file
> JunOS: file checksum md5|sha-256|sha1 file
>
> But if your system is owned, maybe the verification reads filename and outputs
> expected hash instead of correct hash.
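
Added example, not part of either poster's message: a small off-box audit that parses captured output of the two commands quoted above and compares each reported digest with a manifest kept away from the device. The output line shapes, file names, digests and manifest layout are assumptions or constructed sample data. As both posters point out, a match only covers what the device reports about the stored file and says nothing about the image running in RAM.

```python
import re

# Output shapes assumed for the two commands named in the thread:
#   IOS:   verify /md5 (flash:image.bin) = <hex>
#   Junos: MD5 (/var/tmp/image.tgz) = <hex>   (likewise SHA1, SHA256)
HASH_LINE = re.compile(
    r"^(?:verify /(?P<ios>md5)|(?P<junos>MD5|SHA1|SHA256))[ \t]+"
    r"\((?P<path>[^)]+)\)[ \t]+=[ \t]+(?P<digest>[0-9a-fA-F]+)[ \t]*$",
    re.MULTILINE,
)
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

def parse_checksums(cli_output):
    """Return [(algo, path, digest)] for each checksum line in captured CLI text."""
    found = []
    for m in HASH_LINE.finditer(cli_output):
        algo = (m.group("ios") or m.group("junos")).lower()
        digest = m.group("digest").lower()
        if len(digest) == DIGEST_LEN[algo]:  # ignore truncated or padded values
            found.append((algo, m.group("path"), digest))
    return found

def audit(cli_output, known_good):
    """Compare reported digests with an off-device manifest.
    known_good maps image file name -> {algo: expected hex digest}."""
    results = {}
    for algo, path, digest in parse_checksums(cli_output):
        name = re.split(r"[:/]", path)[-1]  # strip "flash:" or directory part
        expected = known_good.get(name, {}).get(algo)
        if expected is None:
            results[name] = "UNKNOWN"    # no reference digest for this image
        elif expected.lower() == digest:
            results[name] = "MATCH"      # stored file only, as reported by the box
        else:
            results[name] = "MISMATCH"
    return results

# Constructed sample session text and manifest (not real images or digests).
SAMPLE = (
    "router1#verify /md5 flash:example-image.bin\n"
    ".....Done!\n"
    "verify /md5 (flash:example-image.bin) = 0123456789abcdef0123456789abcdef\n"
    "user@router2> file checksum sha-256 /var/tmp/example-image.tgz\n"
    "SHA256 (/var/tmp/example-image.tgz) = " + "ab" * 32 + "\n"
)
MANIFEST = {
    "example-image.bin": {"md5": "0123456789abcdef0123456789abcdef"},
    "example-image.tgz": {"sha256": "cd" * 32},
}

if __name__ == "__main__":
    print(audit(SAMPLE, MANIFEST))
```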



