nanog mailing list archives

Re: verify currently running software on ram
From: Saku Ytti <saku () ytti fi>
Date: Mon, 13 Jan 2014 12:51:03 +0200

On (2014-01-13 12:46 +0200), Saku Ytti wrote:
> On (2014-01-13 12:26 +0200), Tassos Chatzithomaoglou wrote:
>
> > I'm looking for ways to verify that the currently running software on our Cisco/Juniper boxes is the one that is also in the flash/hd/storage/etc.
>
> IOS: verify /md5 flash:file
> JunOS: file checksum md5|sha-256|sha1 file
>
> But if your system is owned, maybe the verification reads the filename and outputs
> the expected hash instead of the correct hash.

Mea culpa, you were looking to check running to image, I don't think this is
practical.
In IOS it's compressed and decompressed upon boot, so no practical way to map
the two together.
Same is true in JunOS, even without compression it wouldn't be possible to
reasonably map the *.tgz to RAM.

I think vendors could take a page from XBOX360 etc, and embed public keys inside
their NPU in modern lithography then sign images, it would be an impractical
attack vector.
But changing memory at runtime is probably going to be very complicated to verify,
easier to create infrastructure/HW where program memory cannot be changed at
runtime.

-- 
  ++ytti
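
An added example, not part of the original message: a Python check that parses the digest printed by the two commands quoted above and compares it with a reference manifest kept off the device. The output line shapes, file names and digests are assumptions constructed for illustration; as the message notes, an owned device could print the expected hash, so only a mismatch is a meaningful signal.

```python
import hmac
import re

# Output shapes assumed for the two commands named in the message.
PATTERNS = [
    re.compile(r"^verify /(?P<algo>\w+) \((?P<path>[^)]+)\) = (?P<digest>[0-9a-fA-F]+)\s*$", re.M),
    re.compile(r"^(?P<algo>MD5|SHA1|SHA256) \((?P<path>[^)]+)\) = (?P<digest>[0-9a-fA-F]+)\s*$", re.M),
]
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_digest(output):
    """Return (algo, basename, digest) from device output, or None if no line parses."""
    for pattern in PATTERNS:
        m = pattern.search(output)
        if not m:
            continue
        algo = m["algo"].lower()
        digest = m["digest"].lower()
        if len(digest) != HEX_LEN.get(algo):
            return None  # truncated digest or unknown algorithm
        name = m["path"].replace(":", "/").rsplit("/", 1)[-1]
        return algo, name, digest
    return None


def check(output, trusted):
    """Compare a device-reported digest with an off-box reference manifest."""
    parsed = parse_digest(output)
    if parsed is None:
        return "unparsed"
    algo, name, digest = parsed
    if (name, algo) not in trusted:
        return "no-reference"
    ok = hmac.compare_digest(digest, trusted[(name, algo)].lower())
    return "match" if ok else "MISMATCH"


# Constructed sample data: file names and digests are made up for illustration.
TRUSTED = {("example-ios.bin", "md5"): "0123456789abcdef" * 2,
           ("example-junos.tgz", "sha256"): "ab" * 32}
IOS_OUT = ".....Done!\nverify /md5 (flash:example-ios.bin) = " + "0123456789ABCDEF" * 2 + "\n"
JUNOS_OUT = "SHA256 (/var/tmp/example-junos.tgz) = " + "cd" * 32 + "\n"

if __name__ == "__main__":
    for label, out in (("ios", IOS_OUT), ("junos", JUNOS_OUT)):
        print(label, check(out, TRUSTED))
```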

