Snort mailing list archives

Re: 1.8 Tarball and MD5 hashes

From: "Bill Marquette" <wlmarque () hewitt com>
Date: Thu, 12 Jul 2001 14:31:17 -0500


Call me crazy, but that looks suspiciously like the checksum (not checksum, not
MD5sum) file from an OpenBSD 2.9 installation.  As far as I can tell, the snort
1.8 tarball I downloaded doesn't have a CKSUM file in it.  I'd say you're
looking at the wrong data.  Oh, also, there is no I386 snort tarball, just a
source tarball, the most recent snort tarball is at:
http://www.snort.org/Files/snort-1.8p1.tar.gz (this includes a few patches
needed for Solaris compilation).

--Bill



|--------+------------------------------->
|        |          "Matt Joyce"         |
|        |          <matt.joyce@mindshift|
|        |          .com>                |
|        |                               |
|        |          07/12/2001 02:05 PM  |
|        |                               |
|--------+------------------------------->
  >-------------------------------------------------------------------------|
  |                                                                         |
  |      To:   "SNORT Users Mailing List"                                   |
  |       <snort-users () lists sourceforge net>                               |
  |      cc:                                                                |
  |      Client:                                                            |
  |      Subject:   [Snort-users] 1.8 Tarball and MD5 hashes                |
  >-------------------------------------------------------------------------|





I recently downloaded the I386 Snort 1.8 tarball and opened it with
PKZIP.  I opened the file labeled CKSUM which is reported to be the
output of the cksum and md5 programs.  Below is the listing I get from
the CKSUM file.

1105732291 36655 INSTALL.ata
1524404648 37659 INSTALL.chs
1834618631 21798 INSTALL.dbr
4287925272 79594 INSTALL.i386
590285272 24089 INSTALL.linux
3118827465 12466 INSTALL.mbr
228365860 22559 INSTALL.os2br
1743364191 14523 INSTALL.pt
4088073212 22670849 base29.tgz
1295953098 3947412 bsd
3501894264 3311690 bsd.rd
2146392291 2949120 cdrom29.fs
1866385103 15512187 comp29.tgz
3641438184 1044783 etc29.tgz
2470927212 1474560 floppy29.fs
2805577865 1474560 floppyB29.fs
3429824664 1474560 floppyC29.fs
429618561 2775933 game29.tgz
2998059733 5570461 man29.tgz
1335438044 1690648 misc29.tgz

I am not an expert in the field of cryptography, but I thought the
output of MD5 was a 32-character hash.  Since I did not see what I
expected to see for MD5 hashes, I was suspicious of the values
associated with the CHKSUM file so I perform an MD5 hash of all the
files extracted from the tarball as shown below.


MD5Sums 1.0 freeware for Win9x/ME/NT/2000+
Copyright (C) 2001 Jem E. Berkes - http://www.pc-tools.net
Uses: RSA Data Security, Inc. MD5 Message-Digest Algorithm
Type md5sums.exe -h for help

[Path] / filename                              MD5 sum
------------------------------------------------------------------------
-------
[h:\downloads\snort_1_8\]
base29.tgz
4703bdefa294e5a2b8fbd20344a3522e
boot.catalog
d5060021b26a575bb4a0b231ebcc35b7
bsd
50e3cc39a98b5c66cd4d844d41c13f99
bsd.rd
6011950986398e0993367923f969c9ea
cdrom29.fs
25dd8fb31d47f8400ec14a1229c20878
CKSUM
af3327bd7e9acedd7339c7258d0aeeeb
comp29.tgz
7c1aaea9c391c78fd7e1e18e890aeda6
etc29.tgz
74a6a7d3120b96539c627205aeb22f68
floppy29.fs
2757645a993a6a9279fab9b0cdd462f5
floppyB29.fs
7532af88b8dfe924885fe9addb0d9b36
floppyC29.fs
c0a0b8a48ffb9e6872083d6f9db7f573
game29.tgz
700fd3e81ceb1c93e6203bf7a00bb2a8
index.txt
09766bf4031e8c94381db416ec8b9ba2
INSTALL.ata
6c92c2d5628c5cbe25dfae45602e311c
INSTALL.chs
1215d6ffca101c650569467619f85bf4
INSTALL.dbr
e7b9cd490107cf09290839c14c866886
INSTALL.i386
5fd94a72a39b0353faab178a67993ba6
INSTALL.linux
d95db645a58e415f9fbb0c99f2fba03c
INSTALL.mbr
3e47be3ec3a756a7e7dfb33d6eca8612
INSTALL.os2br
510c3b00ecaf9fa1994031331c590833
INSTALL.pt
467b3acc72f9f2482feae1af709bdd32
man29.tgz
9b778e9ca46afe1253621ab96cb58bdd
MD5
f3f584829fa4294bdd5bfb0666570d9b
md5.txt                                        Unable to open!
misc29.tgz
fa9fe7155821187a7f607a0ed4184da6
xbase29.tgz
88a1ef825ac860009d5d509420b88c72
xfont29.tgz
2fa047020135f800b39f4c788b8f2270
xserv29.tgz
fad4e0333ee6d83123e4351801a56ec6
xshare29.tgz
9fba56301a84cf1c4abb52f22275b8ad

Being the cautions security professional, I always verify integrity
hashes of downloaded files prior to install.  I am confused as to the
values in the CHKSUM file of the tarball.  If anyone out there has
verified the CHKSUM file with MD5 and got different results please let
me know.  If the values in the CHKSUM file are invalid, what are the
valid checksums that we should be using to validate the integrity of the
files in the I386 tarball??

Any assistance is appreciated.

Matt Joyce, CISSP, MCSE

Director of Security and Network Engineering
mindSHIFT Technologies
3975 Fair Ridge Drive
Suite 225-South
Fairfax, Virginia 22033
matt.joyce () mindshift com
(571) 432-4043 (Voice)
(571) 432-4099 (Fax)
Current thread:

1.8 Tarball and MD5 hashes Matt Joyce (Jul 12)
- <Possible follow-ups>
- Re: 1.8 Tarball and MD5 hashes Bill Marquette (Jul 12)
- FW: 1.8 Tarball and MD5 hashes Matt Joyce (Jul 12)