[ntp:questions] Jesus Christ! -> even internet time-sync (NTP) is vulnerable to exploitation?

Harlan Stenn stenn at ntp.org
Sun Dec 21 23:08:19 UTC 2014


Virus Guy writes:
> ...
> So either you are misreading your logs (and what you think are incoming
> queries on port 123 are really outgoing queries from some computer on
> your lan to something.pool.ntp.org), or these really are incoming
> queries coming from legit (or previous legit) NTP servers.
> 
> If the answer is the latter, then these may very well be examples of
> comprimised / trojanized NTP servers performing their own NTP probes
> under botnet control.

I think the first instance of "NTP" in that last sentence should be
removed.

H


More information about the questions mailing list