[ntp:hackers] Dlink is abusing almost *ALL* stratum 1 servers :-(

Danny Mayer mayer at ntp.isc.org
Mon Apr 10 12:43:23 UTC 2006 

Spam detection software, running on the system "maccarony.ntp.org", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
https://www.eecis.udel.edu/service/ for details.

Content preview:  David Malone wrote: >> I guess we also need to add a
  recommendation not to run an HTTP server >> on any publicly announced
  NTP server. > > The pool.ntp.org pages currently recommend running a web
  server, > but I guess they have a relatively good reason for it. We also
  see > quite a number of people trying to use services like time and >
  daytime. I guess all these are occupational hazzards when you provide >
  a public NTP service. > > (Actually, I once tried to get a server added
  to ie.pool.ntp.org, > but at the time I couldn't join that without also
  joining the global > pool.ntp.org. Does anyone know if this has
  changed?) > >> I'm not even sure why you would >> use HTTP for this
  anyway. Corporate networks should be running an NTP >> server inside the
  firewall that clients can use. If they don't then the >> clients should
  probably not be running unauthorized software. For >> personal use they
  can open up the firewall to NTP packets just like HTTP. > > Indeed - the
  reasoning was that lots of people were stuck behind > HTTP-only proxies
  and these users were actually requesting such > a feature. I've put a
  link to an unpassword protected version of > the ;login: article at: > >
  http://www.maths.tcd.ie/~dwmalone/time/ > > if anyone couldn't get it
  from the Usenix site. > > David. > [...] 

Content analysis details:   (4.1 points, 4.1 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.8 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr
                            2)
 4.1 HELO_DYNAMIC_HCC       Relay HELO'd using suspicious hostname (HCC)
-0.5 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
                            [score: 0.0000]
-3.3 AWL                    AWL: From: address is in the auto white-list

More information about the hackers mailing list