Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: MD5 proliferation statistics

  • From: Patrick W.Gilmore
  • Date: Thu May 06 17:54:49 2004

On May 6, 2004, at 2:42 PM, Arnold Nipper wrote:

On 06.05.2004 20:03 Steve Gibbard wrote:

I'm curious as to what sorts of response rates those who have been
actively contacting peers to ask for MD5 configuration have been getting,
as well as whether other networks that have not been being proactive about
this have been seeing contact rates similar to ours.

At DE-CIX (www.de-cix.net) we have two route-servers (resilient setup).
We were not really actively contacting peers (i.e. did not really press
them to activate MD5).

Our figures (counted per AS not per peering as we have double peerings
both on our side as well as on customer side having two+ routers) are:

 120 peerings
  21 MD5 peerings

 ratio: 17.5%

Better than expected. I told a friend that MD5 peerings would be <10%.
Now I have been pretty vocal about the whole MD5 thing, but I have to say that route-servers are probably not the best indication of MD5-ness. Session which pass traffic get a little higher priority at most organizations.

Unfortunately, my organization was not passive until we got to see what the threat actually was, so our numbers are not useful. Would any traffic-carrying-organization care to discuss their numbers?

And anyone want to admit seeing an RST-style attack? Any attack which MD5 would have blocked?

--
TTFN,
patrick





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.