Wouldn't the calculated MD5/SHA sum for the IOS file change once it's modified (irrespective of staying the same size)? I'd be interested to see if one of these backdoors would pass the IOS verify command or not. Even if the backdoor changed the verify output; copying the IOS file off the router and MD5/SHA summing it on another host should show a difference. I guess maintaining the file size is to prevent something like RANCID firing off a diff on the flash dir output.
- Synful Knock questions... eric-list
- Re: Synful Knock questions... Michael Douglas
- Re: Synful Knock questions... Ricky Beam
- Re: Synful Knock questions... Jake Mertel
- Re: Synful Knock questions... Michael Douglas
- Re: Synful Knock questions... Jake Mertel
- Re: Synful Knock questions... Valdis . Kletnieks
- Re: Synful Knock questions... Jake Mertel
- Re: Synful Knock questions... Jared Mauch
- Re: Synful Knock questions... Marcin Cieslak
- Re: Synful Knock questions... Stephen Satchell
- Re: Synful Knock questions... Valdis . Kletnieks
- Re: Synful Knock questions... Alain Hebert
- Re: Synful Knock questions... Blake Hudson
- Re: Synful Knock questions... Paul Ferguson
