Solved: How can I tell if my PIX515e image if genuine?

gagiftbaskets · ‎08-29-2011

I just bought a used PIX515e. It is running version 8.0(3) and ASDM 6.1.5 Because I do not know the history of the unit, how can I tell if the image used came from cisco and not some download site? I guess I should've thought about this before buying it but hindsight is...you know. Worse case is that the person who had it before me dl the software that was infected with a backdoor or something else. I don't have a service contract so I'm kinda stuck.

Any thoughts? Can I download the image from the firewall flash and compare a MD5SUM?

Thanks!

John Blakley · ‎08-29-2011

It's a valid image:

Release	8.0.3
Filename	pix803.bin
Release Date	04/Feb/2008
Description	PIX OS version 8.0(3) software. Requires a minimum of 16 MB Flash and 64 MB RAM. IMPORTANT- Read the Guide for Cisco PIX 6.2 and 6.3 Users Upgrading to Cisco PIX Software Version 8.0 and Release Note prior to downloading this release.
Size	7110 KB (7280640 bytes)
Router Checksum	0xe740
MD5	a31515fbf9ccf6a2df61be2a819ebaa8

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎08-29-2011

Can you post the complete "sh ver" and the image name for sh flash:?

HTH, John *** Please rate all useful posts ***

gagiftbaskets · ‎08-29-2011

Sure. I will post that later tonight. Should I redact the serial number and license keys?

gagiftbaskets · ‎08-29-2011

Result of the command: "show flash"

Directory of flash:/

6 -rw- 1602 13:57:14 Aug 28 2011 downgrade.cfg

9 -rw- 7280640 15:37:21 Aug 28 2011 image.bin

12 -rw- 7598456 15:58:52 Aug 28 2011 asdm-615.bin

16128000 bytes total (1238528 bytes free)

Result of the command: "show flash"

Directory of flash:/

6 -rw- 1602 13:57:14 Aug 28 2011 downgrade.cfg

9 -rw- 7280640 15:37:21 Aug 28 2011 image.bin

12 -rw- 7598456 15:58:52 Aug 28 2011 asdm-615.bin

16128000 bytes total (1238528 bytes free)

Result of the command: "show version"

Cisco PIX Security Appliance Software Version 8.0(3)

Device Manager Version 6.1(5)

Compiled on Tue 06-Nov-07 19:50 by builders

System image file is "flash:/image.bin"

Config file at boot was "startup-config"

pixfirewall up 6 mins 32 secs

Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 000f.8f97.f3e5, irq 10

1: Ext: Ethernet1 : address is 000f.8f97.f3e6, irq 11

2: Ext: Ethernet2 : address is 0002.b3ed.69fe, irq 11

Licensed features for this platform:

Maximum Physical Interfaces : 3

Maximum VLANs : 10

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number: XXXXXXX

Running Activation Key: XXXXXXXXXXXXXXXXXXX

Configuration has not been modified since last system restart.

gagiftbaskets · ‎08-29-2011

verify /md5 (flash:/image.bin) = a31515fbf9ccf6a2df61be2a819ebaa8

verify /md5 (flash:/asdm-615.bin) = f7b4f6318f1fffb58821ab31aa27f899

John Blakley · ‎08-29-2011

It's a valid image:

Release	8.0.3
Filename	pix803.bin
Release Date	04/Feb/2008
Description	PIX OS version 8.0(3) software. Requires a minimum of 16 MB Flash and 64 MB RAM. IMPORTANT- Read the Guide for Cisco PIX 6.2 and 6.3 Users Upgrading to Cisco PIX Software Version 8.0 and Release Note prior to downloading this release.
Size	7110 KB (7280640 bytes)
Router Checksum	0xe740
MD5	a31515fbf9ccf6a2df61be2a819ebaa8

HTH, John *** Please rate all useful posts ***

jedavis · ‎08-29-2011

You can generate an MD5 hash from an image and compare it to what is posted on CCO. One of the places this is posted is just before you download an image. It may be posted in other places too.

Use the following command:

verify /md5 asa803-k8.bin

John Blakley · ‎08-29-2011

I didn't know that command Rated.

HTH, John *** Please rate all useful posts ***

gagiftbaskets · ‎08-29-2011

I don't have access to the download section b/c I don't have a service contract. If I did have a contract, I'd just d/l it from cisco and not have to worry about whether the image is genuine it not. Perhaps this is overkill but I'm using this for a home-based biz that is hosting a web & email server. My only experience with router firmware was that it is freely avail from the mfgr (consumer grade) so this never crossed my mind. Live and learn but the unit was only $20 so..... Anyhow, if the image is not genuine from cisco then I don't want it.

I'll post the MD5 of the image I have too thanks a bunch for everyone's help!

Collin Clark · ‎08-29-2011

Here's some more info on verifing the MD5 on the image.

https://supportforums.cisco.com/docs/DOC-6083

gagiftbaskets · ‎08-29-2011

Thank you SO much. I was afraid that for the price I paid, I got a less-than-honest piece of equipment. You can never be too careful especially when you are talking about a vital piece of security equipment such as a VPN firewall!

Tim

gagiftbaskets · ‎08-29-2011

I guess it's safe to assume that the ASDM file is also valid? Does the MD5 for that match also?

jedavis · ‎08-30-2011

Yes, the ASDM hash matches what is posted on the download site.