[ntp:questions] Compromised Time Server

Rob nomail at example.com
Tue Apr 2 22:07:56 UTC 2013


0chien1 <mtju74 at gmail.com> wrote:
> So I have noticed that the server located at 72.8.140.222 is sometimes included within the ntp pool in the US. This machine has been added to the botnet list by Shadowserver, and some commercial resources.
>
> How do we go about getting this server removed from the NTP Pool?

Why?

It is probably not compromised, it is an IRC server.  Those are sometimes
used to hide malware C&C.  But does it serve incorrect time?



More information about the questions mailing list