Recent NTP pool traffic increase

• Previous message (by thread): Recent NTP pool traffic increase
• Next message (by thread): Recent NTP pool traffic increase
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16 Dec 2016, at 10:17, Roland Dobbins wrote:

> <http://pages.cs.wisc.edu/~plonka/netgear-sntp/>

Over on nznog, Cameron Bradley posited that this may be related to a 
TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit. 
  Perhaps one of them is actually setting timeservers?  This SANS 
writeup details the SOAP strings:

<https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): Recent NTP pool traffic increase
• Next message (by thread): Recent NTP pool traffic increase
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]