The chatter in #ntp on IRC infers that it was through a change made by a IoT vendor (though that's all the info that's been given, so take that with as much salt as you wish).

It does however, seem to have had the unfortunate side effect of knocking a number of servers out of the pool, dropping it down to either remaining.

I've added a couple of new ones myself (personally and day job has allowed me to add two) to try and bring the numbers up, but if your able and willing it would be awesome if some others could donate a little bit of resource to the pool. It's quite widely used and quite under-resourced here.

Regards,

Alex Smith

E: alex@smith.is

P: 022 0521 257

On Fri, Dec 16, 2016 at 5:24 PM, Roland Dobbins <rdobbins@arbor.net> wrote:

On 16 Dec 2016, at 11:07, Cameron Bradley wrote:

I do indeed.

This makes sense - I'll do some digging and see if any of the Mirai variants we've captured is setting the timeservers on compromised devices to pool.ntp.org addresses.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
https://list.waikato.ac.nz/mailman/listinfo/nznog