[ntp:questions] Jesus Christ! -> even internet time-sync (NTP) is vulnerable to exploitation?

Harlan Stenn stenn at ntp.org
Sun Dec 21 23:08:19 UTC 2014

Virus Guy writes:
> ...
> So either you are misreading your logs (and what you think are incoming
> queries on port 123 are really outgoing queries from some computer on
> your lan to something.pool.ntp.org), or these really are incoming
> queries coming from legit (or previous legit) NTP servers.
> If the answer is the latter, then these may very well be examples of
> comprimised / trojanized NTP servers performing their own NTP probes
> under botnet control.

I think the first instance of "NTP" in that last sentence should be


More information about the questions mailing list