nanog mailing list archives
Re: Recent NTP pool traffic increase
From: Roland Dobbins <rdobbins () arbor net>
Date: Fri, 16 Dec 2016 11:19:16 +0700
On 16 Dec 2016, at 10:17, Roland Dobbins wrote:
<http://pages.cs.wisc.edu/~plonka/netgear-sntp/>
Over on nznog, Cameron Bradley posited that this may be related to a TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit. Perhaps one of them is actually setting timeservers? This SANS writeup details the SOAP strings:
<https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759>
-----------------------------------
Roland Dobbins <rdobbins () arbor net>