[c-nsp] Obtaining MD signature

Rick Kunkel kunkel at w-link.net
Fri May 7 15:56:49 EDT 2010


I've actually done this, yes... But my impression was that I needed to 
check it against Cisco's site as well...

Ah... wait.. I am beginning to see... The embedded hash is PART of the 
file, and is used for this verification purpose.  I *HAD* thought that the 
CCO hash was perhaps the one from Cisco (CCO=Cisco Connection Online?), 
but I thought it pretty unlikely for the router to be reaching out and 
contacting their site for this...

Getting OT here.... but what about "compromised" IOSs?  Has there ever 
been such a thing?  The perpetrator could conceivably embed their own hash 
anyhow and give it the appearance of legitimacy, couldn't they?  This 
would seem to make checking the "official" MD5 important.  Wasn't there a 
stink several years ago about counterfeit Cisco gear from overseas?  Were 
there any non-official IOSs that floated around at this same point?

Thanks for all the help as always, folks!

--Rick


On Fri, 7 May 2010, Gert Doering wrote:

> Hi,
>
> On Fri, May 07, 2010 at 10:45:24AM -0700, Rick Kunkel wrote:
>> The SOLE copy I've got of s72033-adventerprisek9_wan-mz.122-18.SXF4.bin
>> resides on a TFTP server used for backup purposes.  This TFTP server
>
> There's two ways here.
>
> a) you could upload the software on a router, and ask the router to
>   run the MD5 check and tell you about the embedded MD5 in the image:
>
>   cisco# verify s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
>   ...
>   Embedded Hash   MD5 : D2BB0668310392BAC803BE5A0BCD0C6A
>   Computed Hash   MD5 : D2BB0668310392BAC803BE5A0BCD0C6A
>   CCO Hash        MD5 : 2B5960A2AA63E65FCF2BF0B21321D6E2
>
> b) since there are security issues in SXF4 that warrant a free upgrade
>   to the latest and bugfixed SXF version, contact cisco TAC, point
>   them to the latest security advisories and have them send you a
>   known-good SXF17a image.
>
>   One candidate would be this one:
>
>    http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml
>
>
> (And yes, there are vendors that are far less painful when it comes
> to firmware downloads and upgrades - it's not like they give you the
> hardware for free and need to ensure their margins with the high-quality
> software *cough*...  yes, of course bean counters will tell you that it's
> important to keep a close tab on people stealing IOS software, but what
> they *don't* tell you is the loss due to annoyed customers...)
>
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                           //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
>
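To make the point in the thread concrete, here is an added example (not code from the list or from Cisco) of the three-way comparison that `verify` prints. It uses a constructed toy image layout, payload followed by a 16-byte MD5 trailer, which is an assumption standing in for the real IOS format, and it assumes the vendor's published reference hash is taken over the whole file as downloaded. An image whose embedded hash was rewritten along with its contents passes the internal check but not the out-of-band one, which is why the published MD5 still matters.

```python
import hashlib
from typing import Optional

# Constructed toy image layout for this example (NOT Cisco's real IOS image
# format): the image payload is followed by a 16-byte MD5 trailer over the
# payload. The trailer stands in for the "Embedded Hash" in the verify output.
TRAILER_LEN = 16


def build_image(payload: bytes) -> bytes:
    """Return payload + embedded MD5 trailer, as a vendor build step would."""
    return payload + hashlib.md5(payload).digest()


def verify_image(image: bytes, reference_md5_hex: Optional[str] = None) -> dict:
    """Three-way check mirroring the router's verify output.

    - embedded: hash carried inside the file (whoever writes the file can
      rewrite it, so alone it only catches accidental corruption)
    - computed: MD5 recomputed over the payload
    - reference: MD5 published out of band by the vendor, assumed here to be
      over the whole file as downloaded
    """
    if len(image) <= TRAILER_LEN:
        raise ValueError("image too short to contain a trailer")
    payload, embedded = image[:-TRAILER_LEN], image[-TRAILER_LEN:]
    computed = hashlib.md5(payload).digest()
    file_md5 = hashlib.md5(image).hexdigest().upper()
    result = {
        "embedded_md5": embedded.hex().upper(),
        "computed_md5": computed.hex().upper(),
        "file_md5": file_md5,
        "internally_consistent": embedded == computed,
        "matches_reference": None,  # unknown until a reference is supplied
    }
    if reference_md5_hex is not None:
        result["matches_reference"] = file_md5 == reference_md5_hex.strip().upper()
    return result


def trusted(result: dict) -> bool:
    """Accept an image only if it passes the internal AND the reference check."""
    return bool(result["internally_consistent"]) and result["matches_reference"] is True


if __name__ == "__main__":
    # Constructed sample data; the "reference" plays the role of the vendor's
    # published MD5 for the original file.
    original = build_image(b"constructed sample IOS payload v1")
    reference = verify_image(original)["file_md5"]

    # A different payload with a freshly embedded trailer: internally
    # consistent, but it does not match the published value.
    altered = build_image(b"constructed sample IOS payload v1 + extra bytes")

    for name, img in (("original", original), ("altered", altered)):
        r = verify_image(img, reference)
        print(f"{name}: internal={r['internally_consistent']} "
              f"reference={r['matches_reference']} trusted={trusted(r)}")
```

Run it as a script to see the original accepted and the altered file rejected; `verify_image` without a reference never yields `trusted() == True`, which is the behaviour a backup-restore procedure should insist on.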