Re: IOS Rookit: the sky isn't falling (yet)

• From: Valdis . Kletnieks
• Date: Tue May 27 13:35:52 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Tue, 27 May 2008 11:24:19 MDT, Chris Grundemann said:

> Like MD5 File Validation? - "MD5 values are now made available on
> Cisco.com for all Cisco IOS software images for comparison against
> local system image values."

That does wonders for catching a corruption in the FTP that wasn't caught
by the relatively weak TCP checksumming.

But if the attacker has the wherewithal to cause a modified file to be
downloaded (either by replacing it on the real server, or getting you to
visit a fake server), they can also present you with a webpage that has an
MD5 hash that matches the modified file.

Now, if they provided a PGP signature of the file, done with a key that I
have reason to trust, *that* raises the bar significantly...

Attachment: pgp00005.pgp
Description: PGP signature

• Follow-Ups:
  • Re: IOS Rookit: the sky isn't falling (yet) goemon

• References:
  • IOS Rookit: the sky isn't falling (yet) Nicolas FISCHBACH
  • Re: IOS Rookit: the sky isn't falling (yet) Alexander Harrowell
  • Re: IOS Rookit: the sky isn't falling (yet) Jared Mauch
  • Re: IOS Rookit: the sky isn't falling (yet) Gadi Evron
  • Re: IOS Rookit: the sky isn't falling (yet) Valdis . Kletnieks
  • Re: IOS Rookit: the sky isn't falling (yet) Adrian Chadd
  • Re: IOS Rookit: the sky isn't falling (yet) Chris Grundemann

• Prev by Date: unsubscribe
• Next by Date: RE: unsubscribe
• Date Index
• Thread Index
• Author Index
• Historical