[ntp:questions] Compromised Time Server
nomail at example.com
Tue Apr 2 22:07:56 UTC 2013
0chien1 <mtju74 at gmail.com> wrote:
> So I have noticed that the server located at 126.96.36.199 is sometimes included within the ntp pool in the US. This machine has been added to the botnet list by Shadowserver, and some commercial resources.
> How do we go about getting this server removed from the NTP Pool?
It is probably not compromised, it is an IRC server. Those are sometimes
used to hide malware C&C. But does it serve incorrect time?
More information about the questions