Re: [nznog] pool.ntp.org traffic gone wild

15 Dec 2016

      The chatter in #ntp on IRC infers that it was through a change made by a
IoT vendor (though that's all the info that's been given, so take that with
as much salt as you wish).

It does however, seem to have had the unfortunate side effect of knocking a
number of servers out of the pool, dropping it down to either remaining.

I've added a couple of new ones myself (personally and day job has allowed
me to add two) to try and bring the numbers up, but if your able and
willing it would be awesome if some others could donate a little bit of
resource to the pool. It's quite widely used and quite under-resourced here.
Regards,

Alex Smith
E: alex(a)smith.is
P: 022 0521 257

On Fri, Dec 16, 2016 at 5:24 PM, Roland Dobbins  wrote:
...
On 16 Dec 2016, at 11:07, Cameron Bradley wrote:
I do indeed.
...
This makes sense - I'll do some digging and see if any of the Mirai
variants we've captured is setting the timeservers on compromised devices
to pool.ntp.org addresses.
-----------------------------------
Roland Dobbins 
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog