Recent NTP pool traffic increase

• Subject: Recent NTP pool traffic increase
• From: rdobbins at arbor.net (Roland Dobbins)
• Date: Fri, 16 Dec 2016 11:19:16 +0700
• In-reply-to: <[email protected]>
• References: <BL2PR05MB23064[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On 16 Dec 2016, at 10:17, Roland Dobbins wrote:

> <http://pages.cs.wisc.edu/~plonka/netgear-sntp/>

Over on nznog, Cameron Bradley posited that this may be related to a 
TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit. 
  Perhaps one of them is actually setting timeservers?  This SANS 
writeup details the SOAP strings:

<https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• References:
  • Recent NTP pool traffic increase
    • From: gerardo.perales at axtel.com.mx (Jose Gerardo Perales Soto)
  • Recent NTP pool traffic increase
    • From: rdobbins at arbor.net (Roland Dobbins)
  • Recent NTP pool traffic increase
    • From: dan-nanog at drown.org (Dan Drown)
  • Recent NTP pool traffic increase
    • From: rdobbins at arbor.net (Roland Dobbins)
  • Recent NTP pool traffic increase
    • From: rdobbins at arbor.net (Roland Dobbins)

• Prev by Date: Recent NTP pool traffic increase
• Next by Date: Network Access to and from China Mainland
• Previous by thread: Recent NTP pool traffic increase
• Next by thread: Recent NTP pool traffic increase
• Index(es):
  • Date
  • Thread