[ntp:questions] NTP.POOL.ORG Server is a shadowserver

Uwe Klein uwe at klein-habertwedt.de
Thu Oct 18 16:35:27 UTC 2012

Rob wrote:

> And I think that is very wise.  There are many protocols that can
> be used to hide communication, and it is undoable to analyze all
> of them to the level where you can be sure it is innocent.

False positives ruin trust in a tool.
( crying wolf to often. )

If 99% of your alerts are false positives that tool is worthless.


More information about the questions mailing list