Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

On 11/Oct/18 21:31, Chris Adams wrote: > Requiring an ID is also a violation of the merchant agreements, at least > for VISA and MasterCard (not sure about American Express), unless ID is > otherwise required by law (like for age-limited products). I've walked > out of stores that required an

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

There are two parts of the problem. The first is the assumption of risk: the current model of operation in the US (like in other western economies) puts the onus of risk of misuse of the card on specific actors. When you change the basis from signature (fraud) to chip+pin (leak of knowledge) you ha

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

On 8/Nov/18 11:16, George Michaelson wrote: > There are two parts of the problem. The first is the assumption of > risk: the current model of operation in the US (like in other western > economies) puts the onus of risk of misuse of the card on specific > actors. When you change the basis from

Amazon network engineering contact? re: DDoS traffic

We've been seeing significant attack activity from Amazon over the last two months, involving apparently compromised instances that commonly send 1-10G of traffic per source and together generate Nx10G of total traffic. Even when our overall upstream capacity exceeds an attack's overall size, t

Re: Amazon network engineering contact? re: DDoS traffic

Zach, Yes, RTBH is used to distribute the null-routes that I mentioned. Unfortunately, even brief saturation events lasting just 5-10 seconds (a typical amount of time to detect the loss, issue the null-route, and see the traffic start to fall off as it is distributed upstream) can cause real

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

Mark Tinka wrote: > I hope the U.S. does catch-up. If we were swipe-based here, we'd all be > broke :-). I know a number of major merchants in the U.S. now use PIN's, > and I always stick to those when I travel there. In the U.S., pin codes are required for EFTPOS transactions (called debit) ove

Re: Amazon network engineering contact? re: DDoS traffic

Zach, As mentioned before, I am open to peering (where possible) but have not received a response. My goal is to connect with someone at Amazon and work with them on a technical solution, which is why I posted asking for that here. Various factors mean that we can't just upgrade our way out

FCC Launches Re-Examination of Wireless Resiliency Cooperative Framework In Light of Recent Hurricanes

The public, first responders and other service providers can also submit comments to the FCC. https://www.fcc.gov/document/fcc-seeks-industry-input-review-wireless-resiliency-framework To that end, Chief Fowlkes’ letters ask wireless companies participating in the framework to summarize h

Amazon now controls 3.0.0.0/8

https://news.ycombinator.com/item?id=18407173 Quoting from the post: " Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9. Previous owner was GE. Anecdotal reports across the Internet that AWS EIPs are now being assigned in that range. https://whois.arin.net/rest/net/NET-3-0-0-0-1.htm

Re: Amazon now controls 3.0.0.0/8

On Fri, Nov 9, 2018 at 0:54 Eric Kuhnke wrote: > https://news.ycombinator.com/item?id=18407173 > > Quoting from the post: > > " > > Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9. > > Previous owner was GE. > > Anecdotal reports across the Internet that AWS EIPs are now being assigned

Re: Amazon now controls 3.0.0.0/8

So it looks like GE will be solvent for a few more years and 3.3.3.3 DNS is incoming. -Matt On Thu, Nov 8, 2018, 17:54 Eric Kuhnke https://news.ycombinator.com/item?id=18407173 > > Quoting from the post: > > " > > Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9. > > Previous owner was

RE: CVV (was: Re: bloomberg on supermicro: sky is falling)

I have a low-cost/high interest rate account at one of the Canadian bank and each "assisted" transaction is $5. Frank -Original Message- From: NANOG On Behalf Of Mark Tinka Sent: Thursday, November 08, 2018 3:35 AM To: George Michaelson Cc: North American Network Operators' Group Sub

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

This is a confusing and off-topic discussion with respect to network engineering. But for completeness: Payments systems are architected by fraud rates, not by isolated security requirements or engineering mandates, as i think most network engineers can understand. The fraud rates in the US for

Re: Amazon now controls 3.0.0.0/8

I wish we could have used 4.4.4.4. Although at the time I suspect we would have used 4.4.4.[123]. Johno > On Nov 8, 2018, at 18:58, Matt Erculiani wrote: > > So it looks like GE will be solvent for a few more years and 3.3.3.3 DNS is > incoming. > > -Matt > >> On Thu, Nov 8, 2018, 17:54 E

Re: Amazon now controls 3.0.0.0/8

3.4.5.6/24 could be an interesting block to put easily memorable IP services in... On Thu, Nov 8, 2018 at 4:44 PM John Orthoefer wrote: > I wish we could have used 4.4.4.4. Although at the time I suspect we would > have used 4.4.4.[123]. > > Johno > > On Nov 8, 2018, at 18:58, Matt Erculiani

Re: Amazon now controls 3.0.0.0/8

I think it was the dial modem team that beat us to 4.4.4.0/24? -Steve On Thu, Nov 8, 2018 at 7:44 PM John Orthoefer wrote: > I wish we could have used 4.4.4.4. Although at the time I suspect we would > have used 4.4.4.[123]. > > Johno > > On Nov 8, 2018, at 18:58, Matt Erculiani wrote: > > So

Re: Amazon now controls 3.0.0.0/8

google used 4.4.4.4 for DNS in the past (2010, IIRC). t On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote: > > I think it was the dial modem team that beat us to 4.4.4.0/24? > > -Steve > > On Thu, Nov 8, 2018 at 7:44 PM John Orthoefer wrote: > >> I wish we could have used 4.4.4.4. Although at t

Re: Amazon network engineering contact? re: DDoS traffic

Nobody should ever be forced to peer to get someone to address abusive traffic originating from networks under their control. On Thu, Nov 8, 2018 at 4:29 PM John wrote: > Zach, > > As mentioned before, I am open to peering (where possible) but have not > received a response. > > My goal is to

Re: Amazon now controls 3.0.0.0/8

4.0.0.0/8 has been GTE/Level3 forever. 4.2.2.1 - 6 have been L3 DNS as far back as I can remember. On Thu, Nov 8, 2018 at 8:32 PM Todd Underwood wrote: > google used 4.4.4.4 for DNS in the past (2010, IIRC). > > t > > On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote: > >> >> I think it was the

Re: Amazon now controls 3.0.0.0/8

Obligatory list of all known same-quad servers and their DNS status - corrections welcome: https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1 If there is info about previous/historical use of these IPs, I'd like to find a way to incorporate that as well. -- Royce On Thu, N

Re: Amazon network engineering contact? re: DDoS traffic

at 8:40 PM, Tom Beecher wrote: Nobody should ever be forced to peer to get someone to address abusive traffic originating from networks under their control. Especially considering the fact that Amazon is just a bit selective about their peers. Though, the size of our border probably ha

Re: Amazon now controls 3.0.0.0/8

John Orthoefer and I (and dozens of other BBN folks on this list) both worked for BBNPlanet at the time that 4.2.2.1 and 4.2.2.2 were assigned. John was one of the folks who built and ran that system. So when he said "I wish we could have used 4.4.4.4" and my comment of "I think the dial modem fol

Re: Amazon now controls 3.0.0.0/8

Maybe Amazon will do something cool with 3.1.33.7 ... dan On Thu, Nov 8, 2018, at 8:30 PM, Todd Underwood wrote: > google used 4.4.4.4 for DNS in the past (2010, IIRC). > > t > > On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote: >> >> I think it was the dial modem team that beat us to 4.4.4.

Re: Amazon now controls 3.0.0.0/8

3.141.59.27  might be handy. Matt On 9/11/18 1:22 pm, Dan Lowe wrote: Maybe Amazon will do something cool with 3.1.33.7 ... dan On Thu, Nov 8, 2018, at 8:30 PM, Todd Underwood wrote: google used 4.4.4.4 for DNS in the past (2010, IIRC). t On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse

Re: Amazon now controls 3.0.0.0/8

Speaking of AS1 - I've been wondering, what's it being used for? It looks like Level3 owns it, and it's announcing a handful of prefixes and peering with a bunch of random ASes from many different countries. On Thu, Nov 8, 2018 at 9:19 PM, Steve Meuse wrote: > > John Orthoefer and I (and dozens

Re: Amazon now controls 3.0.0.0/8

It's still in use, I believe Level(3)/CenturyLink uses it for either their VPN or Voice network. -Steve On Thu, Nov 8, 2018 at 9:44 PM Ross Tajvar wrote: > Speaking of AS1 - I've been wondering, what's it being used for? It looks > like Level3 owns it, and it's announcing a handful of prefixes

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

Once upon a time, Scott Christopher said: > Swipe-and-sign (and now just swipe for small amounts) is for Visa, > Mastercard, Discover transactions (called credit) Signatures are no longer required for chip card transactions in the US, except I think for transactions where the auth is done on the

Re: CVV

Todd Underwood writes: > [interesting and plausible reasoning about why no chip&PIN in US] > anyway, let's talk about networks, no? This topic is obviously "a little" off-topic, but I find some contributions (like yours) relevant for understanding adoption dynamics (or not) of proposed security me

Re: CVV (was: Re: bloomberg on supermicro: sky is falling)

On 9/Nov/18 02:22, Todd Underwood wrote: > > i generally find it amusing when people from other countries mock the > US for not having PINs.  this is just another way of saying "my > country has high fraud rates and yours appears not to."  :-) . you can > see this in the comment below "If we wer