One thing that pops to my mind is that we've seen a lot of TR-069/064 'SetNTPServers' exploits in the wild the past few days. Many of these try to download and execute a script, though some actually set the NTP servers first. Perhaps a huge number of devices that previously had no NTP configured, suddenly do? Completely wild theory, but who knows. Cam -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Roland Dobbins Sent: Friday, 16 December 2016 4:18 PM To: nznog <nznog(a)list.waikato.ac.nz> Subject: Re: [nznog] pool.ntp.org traffic gone wild On 16 Dec 2016, at 8:31, Shane Geddes wrote:
We are also seeing the same sharp rise in NTP connections.
Maybe something like this? <http://pages.cs.wisc.edu/~plonka/netgear-sntp/> ----------------------------------- Roland Dobbins <rdobbins(a)arbor.net> _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz https://list.waikato.ac.nz/mailman/listinfo/nznog