[ntp:questions] NTP.POOL.ORG Server is a shadowserver

Mike S mikes at flatsurface.com
Thu Oct 18 12:24:29 UTC 2012

On 10/17/2012 3:04 PM, Rob wrote:
> Today many ISPs and companies run intrusion detection systems that
> monitor the traffic and send alerts when there is communication with
> systems listed as botnet C&C servers.
> So when such a server appears on ntp.pool.org, and a user picks it
> to sync with, they get stamped as potentially infected by malware
> and could face disconnection or other forms of quarantine.
> Clear now?

Yes. The problem is that the intrusion detection systems run by many 
companies and ISPs produce false positives.

More information about the questions mailing list