[ntp:questions] Jesus Christ! -> even internet time-sync (NTP) is vulnerable to exploitation?

Virus Guy "Virus" at Guy.com
Mon Dec 22 03:30:08 UTC 2014


Harlan Stenn wrote:

> > ...  or these really are incoming queries coming from legit
> > (or previous legit) NTP servers.
> >
> > If the answer is the latter, then these may very well be examples
> > of compromised / trojanized NTP servers performing their own NTP
> > probes under botnet control.
> 
> I think the first instance of "NTP" in that last sentence should be
> removed.

Under what conditions would someone who is NOT operating an NTP server
expect to see external IPs hit his router on port 123?

And given that such events are happening, how would you explain that
these external IPs have rDNS data that maps them to
various.pool.ntp.org?


