Recent NTP pool traffic increase

Roland Dobbins rdobbins at
Fri Dec 16 04:19:16 UTC 2016

On 16 Dec 2016, at 10:17, Roland Dobbins wrote:

> <>

Over on nznog, Cameron Bradley posited that this may be related to a 
TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit. 
  Perhaps one of them is actually setting timeservers?  This SANS 
writeup details the SOAP strings:


Roland Dobbins <rdobbins at>

More information about the NANOG mailing list