There are two parts of the problem. The first is the assumption of
risk: the current model of operation in the US (like in other western
economies) puts the onus of risk of misuse of the card on specific
actors. When you change the basis from signature (fraud) to chip+pin
(leak of knowledge) you
On 11/Oct/18 21:31, Chris Adams wrote:
> Requiring an ID is also a violation of the merchant agreements, at least
> for VISA and MasterCard (not sure about American Express), unless ID is
> otherwise required by law (like for age-limited products). I've walked
> out of stores that required an
On 8/Nov/18 11:16, George Michaelson wrote:
> There are two parts of the problem. The first is the assumption of
> risk: the current model of operation in the US (like in other western
> economies) puts the onus of risk of misuse of the card on specific
> actors. When you change the basis from
Zach,
Yes, RTBH is used to distribute the null-routes that I mentioned.
Unfortunately, even brief saturation events lasting just 5-10 seconds (a
typical amount of time to detect the loss, issue the null-route, and see
the traffic start to fall off as it is distributed upstream) can cause
We've been seeing significant attack activity from Amazon over the last
two months, involving apparently compromised instances that commonly
send 1-10G of traffic per source and together generate Nx10G of total
traffic. Even when our overall upstream capacity exceeds an attack's
overall size,
The public, first responders and other service providers can also submit
comments to the FCC.
https://www.fcc.gov/document/fcc-seeks-industry-input-review-wireless-resiliency-framework
To that end, Chief Fowlkes’ letters ask wireless companies participating
in the framework to summarize
Mark Tinka wrote:
> I hope the U.S. does catch-up. If we were swipe-based here, we'd all be
> broke :-). I know a number of major merchants in the U.S. now use PIN's,
> and I always stick to those when I travel there.
In the U.S., pin codes are required for EFTPOS transactions (called debit)
3.4.5.6/24 could be an interesting block to put easily memorable IP
services in...
On Thu, Nov 8, 2018 at 4:44 PM John Orthoefer wrote:
> I wish we could have used 4.4.4.4. Although at the time I suspect we would
> have used 4.4.4.[123].
>
> Johno
>
> On Nov 8, 2018, at 18:58, Matt Erculiani
Maybe Amazon will do something cool with 3.1.33.7 ...
dan
On Thu, Nov 8, 2018, at 8:30 PM, Todd Underwood wrote:
> google used 4.4.4.4 for DNS in the past (2010, IIRC).
>
> t
>
> On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote:
>>
>> I think it was the dial modem team that beat us to
Speaking of AS1 - I've been wondering, what's it being used for? It looks
like Level3 owns it, and it's announcing a handful of prefixes and peering
with a bunch of random ASes from many different countries.
On Thu, Nov 8, 2018 at 9:19 PM, Steve Meuse wrote:
>
> John Orthoefer and I (and dozens
On Fri, Nov 9, 2018 at 0:54 Eric Kuhnke wrote:
> https://news.ycombinator.com/item?id=18407173
>
> Quoting from the post:
>
> "
>
> Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9.
>
> Previous owner was GE.
>
> Anecdotal reports across the Internet that AWS EIPs are now being
google used 4.4.4.4 for DNS in the past (2010, IIRC).
t
On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote:
>
> I think it was the dial modem team that beat us to 4.4.4.0/24?
>
> -Steve
>
> On Thu, Nov 8, 2018 at 7:44 PM John Orthoefer wrote:
>
>> I wish we could have used 4.4.4.4. Although at
I think it was the dial modem team that beat us to 4.4.4.0/24?
-Steve
On Thu, Nov 8, 2018 at 7:44 PM John Orthoefer wrote:
> I wish we could have used 4.4.4.4. Although at the time I suspect we would
> have used 4.4.4.[123].
>
> Johno
>
> On Nov 8, 2018, at 18:58, Matt Erculiani wrote:
>
> So
Nobody should ever be forced to peer to get someone to address abusive
traffic originating from networks under their control.
On Thu, Nov 8, 2018 at 4:29 PM John wrote:
> Zach,
>
> As mentioned before, I am open to peering (where possible) but have not
> received a response.
>
> My goal is to
This is a confusing and off-topic discussion with respect to network
engineering.
But for completeness:
Payments systems are architected by fraud rates, not by isolated security
requirements or engineering mandates, as i think most network engineers can
understand.
The fraud rates in the US for
I wish we could have used 4.4.4.4. Although at the time I suspect we would have
used 4.4.4.[123].
Johno
> On Nov 8, 2018, at 18:58, Matt Erculiani wrote:
>
> So it looks like GE will be solvent for a few more years and 3.3.3.3 DNS is
> incoming.
>
> -Matt
>
>> On Thu, Nov 8, 2018, 17:54
So it looks like GE will be solvent for a few more years and 3.3.3.3 DNS is
incoming.
-Matt
On Thu, Nov 8, 2018, 17:54 Eric Kuhnke https://news.ycombinator.com/item?id=18407173
>
> Quoting from the post:
>
> "
>
> Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9.
>
> Previous owner
I have a low-cost/high interest rate account at one of the Canadian bank and
each "assisted" transaction is $5.
Frank
-Original Message-
From: NANOG On Behalf Of Mark Tinka
Sent: Thursday, November 08, 2018 3:35 AM
To: George Michaelson
Cc: North American Network Operators' Group
4.0.0.0/8 has been GTE/Level3 forever.
4.2.2.1 - 6 have been L3 DNS as far back as I can remember.
On Thu, Nov 8, 2018 at 8:32 PM Todd Underwood wrote:
> google used 4.4.4.4 for DNS in the past (2010, IIRC).
>
> t
>
> On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse wrote:
>
>>
>> I think it was
https://news.ycombinator.com/item?id=18407173
Quoting from the post:
"
Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9.
Previous owner was GE.
Anecdotal reports across the Internet that AWS EIPs are now being assigned
in that range.
Obligatory list of all known same-quad servers and their DNS status -
corrections welcome:
https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1
If there is info about previous/historical use of these IPs, I'd like to
find a way to incorporate that as well.
--
Royce
On Thu,
at 8:40 PM, Tom Beecher wrote:
Nobody should ever be forced to peer to get someone to address abusive
traffic originating from networks under their control.
Especially considering the fact that Amazon is just a bit selective about
their peers. Though, the size of our border probably
John Orthoefer and I (and dozens of other BBN folks on this list) both
worked for BBNPlanet at the time that 4.2.2.1 and 4.2.2.2 were assigned.
John was one of the folks who built and ran that system.
So when he said "I wish we could have used 4.4.4.4" and my comment of "I
think the dial modem
3.141.59.27 might be handy.
Matt
On 9/11/18 1:22 pm, Dan Lowe wrote:
Maybe Amazon will do something cool with 3.1.33.7 ...
dan
On Thu, Nov 8, 2018, at 8:30 PM, Todd Underwood wrote:
google used 4.4.4.4 for DNS in the past (2010, IIRC).
t
On Thu, Nov 8, 2018 at 8:21 PM Steve Meuse
It's still in use, I believe Level(3)/CenturyLink uses it for either their
VPN or Voice network.
-Steve
On Thu, Nov 8, 2018 at 9:44 PM Ross Tajvar wrote:
> Speaking of AS1 - I've been wondering, what's it being used for? It looks
> like Level3 owns it, and it's announcing a handful of prefixes
Once upon a time, Scott Christopher said:
> Swipe-and-sign (and now just swipe for small amounts) is for Visa,
> Mastercard, Discover transactions (called credit)
Signatures are no longer required for chip card transactions in the US,
except I think for transactions where the auth is done on
Zach,
As mentioned before, I am open to peering (where possible) but have not
received a response.
My goal is to connect with someone at Amazon and work with them on a
technical solution, which is why I posted asking for that here. Various
factors mean that we can't just upgrade our way out
Todd Underwood writes:
> [interesting and plausible reasoning about why no chip in US]
> anyway, let's talk about networks, no?
This topic is obviously "a little" off-topic, but I find some
contributions (like yours) relevant for understanding adoption dynamics
(or not) of proposed security
On 9/Nov/18 02:22, Todd Underwood wrote:
>
> i generally find it amusing when people from other countries mock the
> US for not having PINs. this is just another way of saying "my
> country has high fraud rates and yours appears not to." :-) . you can
> see this in the comment below "If we
29 matches
Mail list logo
