[ntp:questions] NTP.POOL.ORG Server is a shadowserver

Rob nomail at example.com
Wed Oct 17 19:04:19 UTC 2012


John Hasler <jhasler at newsguy.com> wrote:
> sh3120 writes:
>> Have sites complaining that 72.8.140.222 is showing up on command and
>> control server. After research determined that IP is listed in the
>> NTP.POOL.ORG listing of time servers.  Unsure who to report this too
>> to get it off the list.
>
> It's not clear what your problem is.

Today many ISPs and companies run intrusion detection systems that
monitor the traffic and send alerts when there is communication with
systems listed as botnet C&C servers.

So when such a server appears on ntp.pool.org, and a user picks it
to sync with, they get stamped as potentially infected by malware
and could face disconnection or other forms of quarantine.

Clear now?



More information about the questions mailing list