[ntp:questions] Compromised Time Server

E-Mail Sent to this address will be added to the BlackLists Null at BlackList.Anitech-Systems.invalid
Tue Apr 2 22:40:37 UTC 2013


0chien1 wrote:
> So I have noticed that the server located at 72.8.140.222
>  is sometimes included within the ntp pool in the US.
>
>  This machine has been added to the botnet list by
>   Shadowserver, and some commercial resources.
>
> How do we go about getting this server removed from the NTP Pool?

_You_ don't?

The same way you get it off the "botnet" list?
 Supposing there really is some issue with it,
  if the owner knew, and cared, ...

 The owner can remove it from the pool if they want,
  or the pool will remove it if it stops serving good time.


On the other hand, if you null route
  72.8.140.222/32 (irc.indoforum.org) (*.reverse.openitc.net)
  or 72.8.128.0/18, or ASN 25761 (Staminus Communications),
 then you never have to worry about what others may or may not do.

 ... or null route all IPs that you find running IRC servers?

 ... or null route the US (US ARIN allocations)?

-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.


