
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-10-04 InfoSec Handlers Diary Blog



MD5 Checksum Updated / MD5 Tools for Win32 / Botnets reports

Published: 2004-10-04
Last Updated: 2004-10-04 23:29:49 UTC
by Pedro Bueno (Version: 1)
MD5 Checksum, Updated

The following is Lorna's update from her diary yesterday:


This update is in response to many emails from the user community about the entry regarding using MD5 checksums. Thanks for writing in and sharing your thoughts!! Many people question the need for using MD5 checksums since a hacker can modify the checksum as well. I don't disagree at all; however, measures can and should be taken to protect the location where the MD5 checksum is stored so they at least have to work for it. However, the responses that we received enforced the point I was trying to make. Most folks aren't checking them, so why should a hacker go through the trouble of modifying them? We only got one response telling us the hash was wrong for the latest update; maybe only one person downloaded it since we updated it, and maybe others simply did not respond about it.

However, if a hacker has modified the file but did not modify the checksum, it may save you much pain and confusion if you spot this early. One step farther, if YOU don't know what the checksum is for the file you're providing, how do you know it's not been modified? It wouldn't take much to write a script that checks the values of the MD5 checksums against known good values and ensures they have not been changed or, better yet, store them on another server. Keep a copy of the valid checksums on separate media or burn them onto a CD so you know what the valid hash should be. The MD5 checksum is NOT meant to be a single solution to the problem, but it is a tool that should be part of your security regime.


As a secondary note, we have had questions about what to use to do an MD5 checksum on Windows. I personally use MD5sum.exe on my Windows systems. A quick search on Google will also point at others that are available. Once again, thanks for all the emails.



MD5 Checksum Tools


For those asking us about tools to check MD5 checksums on Windows, here is a small list of such applications:


- md5sum.exe - from http://www.etree.org/md5com.html
- Unixtools - http://unxutils.sourceforge.net
- md5summer - http://www.md5summer.org
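The script Lorna's update describes, comparing files against a list of known-good checksums, can be sketched as follows. This is an added example, not code from the diary or from any of the tools listed; the file names, the `demo()` data and the function names are constructed for illustration, and the manifest is assumed to use the `md5sum` output format.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5", chunk=65536):
    """Hash a file in chunks so large downloads need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse md5sum-style lines: '<digest>  <name>' or '<digest> *<name>'."""
    known = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.strip().split(None, 1)
            known[name.lstrip("*")] = digest.lower()
    return known

def verify(manifest_text, base_dir, algo="md5"):
    """Return {name: 'OK' | 'MODIFIED' | 'MISSING'} for each manifest entry."""
    results = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = os.path.join(base_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        else:
            results[name] = "OK" if file_digest(path, algo) == expected else "MODIFIED"
    return results

def demo():
    """Constructed sample: three files, one altered and one removed later."""
    names = ("tool.zip", "readme.txt", "sigs.dat")
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            with open(os.path.join(d, n), "wb") as f:
                f.write(b"original " + n.encode())
        # Known-good list; keep the real one on another server or a CD.
        manifest = "".join(f"{file_digest(os.path.join(d, n))}  {n}\n" for n in names)
        with open(os.path.join(d, "tool.zip"), "ab") as f:
            f.write(b"tampered")  # simulate a modified download
        os.remove(os.path.join(d, "sigs.dat"))
        return verify(manifest, d)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule from a host other than the one serving the files, any `MODIFIED` or `MISSING` entry is the early signal the update talks about.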


Botnets reports

We received some questions from users about the authorities referenced by Lorna in yesterday's diary.

When we receive such reports, we notify a security contact at the ISP that was providing network access and their upstream ISP.

We provided portions of the information that we receive as evidence of AUP violation, but always preserving the privacy of user identity.


Once again, thanks for all reports!



-----------------------------------------------------------------

handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org )
