We - at Snap - were forwarded this thread just a few hours ago and are investigating. Please email me should you still be looking for a contact for Snapchat.
Thank you,
Jad

On Mon, Dec 19, 2016 at 9:18 PM, Laurent Dumont <ad...@coldnorthadmin.com> wrote:

> If anything comes from this, I'd love to hear about it. As a student in
> the field, this is the kind of stuff I live for! ;)
>
> Pretty awesome to see the chain of events after seeing a post on the
> [pool] list!
>
> Laurent
>
> On 12/19/2016 05:12 PM, Justin Paine via NANOG wrote:
>
>> replying off list.
>>
>> ____________
>> Justin Paine
>> Head of Trust & Safety
>> Cloudflare Inc.
>> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>>
>>
>> On Mon, Dec 19, 2016 at 1:49 PM, Dan Drown <dan-na...@drown.org> wrote:
>>
>>> Quoting David <open...@shaw.ca>:
>>>
>>>> On 2016-12-19 1:55 PM, Jan Tore Morken wrote:
>>>>
>>>>> On Mon, Dec 19, 2016 at 01:32:50PM -0700, David wrote:
>>>>>
>>>>>> I found devices doing lookups for all of these at the same time
>>>>>>
>>>>>> {0,0.uk,0.us,asia,europe,north-america,south-america,oceania,africa}.pool.ntp.org
>>>>>> and then it proceeds to use everything returned, which explains why
>>>>>> everyone is seeing an increase.
>>>>>>
>>>>>
>>>>> Thanks, David. That perfectly matches the list of servers used by
>>>>> older versions of the ios-ntp library[1][2], which would point toward
>>>>> some iPhone app being the source of the traffic.
>>>>>
>>>>> [1] https://github.com/jbenet/ios-ntp/blob/d5eade6a99041094f12f0c976dd4aaeed37e0564/ios-ntp-rez/ntp.hosts
>>>>> [2] https://github.com/jbenet/ios-ntp/blob/5cc3b6e437a6422dcee9dec9da5183e283eff9f2/ios-ntp-lib/NetworkClock.m#L122
>>>>>
>>>> That would make sense - I see a lot of iCloud related lookups from these
>>>> hosts as well.
>>>>
>>>> Also, app.snapchat.com generally seems to follow just after the NTP pool
>>>> DNS lookups. I don't have an iPhone to test that though.
>>>>
>>>
>>> Confirmed - starting up the iOS Snapchat app does a lookup to the domains
>>> you listed, and then sends NTP to every unique IP. Around 35-60 different
>>> IPs.
>>>
>>> Anyone have a contact at Snapchat?
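
Added example (not part of the thread and not code from any participant): a sketch of how an operator could search resolver query logs for the lookup pattern quoted above, where one client asks for all nine pool.ntp.org names at the same time. The log format `<epoch> <client> <qname>`, the 5-second window, the function names and the sample data are assumptions made for this illustration.

```python
from collections import defaultdict

# Name prefixes quoted in the thread; each is a label under pool.ntp.org.
PREFIXES = ("0", "0.uk", "0.us", "asia", "europe", "north-america",
            "south-america", "oceania", "africa")
FINGERPRINT = frozenset(p + ".pool.ntp.org" for p in PREFIXES)

def parse(line):
    """Parse '<epoch> <client> <qname>' (assumed format); None if malformed."""
    parts = line.split()
    try:
        ts, client, qname = float(parts[0]), parts[1], parts[2]
    except (IndexError, ValueError):
        return None
    return ts, client, qname.rstrip(".").lower()

def burst_clients(lines, window=5.0, names=FINGERPRINT):
    """Return {client: burst start} for clients that looked up every name
    in `names` within `window` seconds of each other."""
    per_client = defaultdict(list)
    for ts, client, qname in filter(None, map(parse, lines)):
        if qname in names:
            per_client[client].append((ts, qname))
    hits = {}
    for client, events in per_client.items():
        last = {}  # most recent lookup time per fingerprint name
        for ts, qname in sorted(events):
            last[qname] = ts
            # All names seen, and the stalest one is still inside the window.
            if len(last) == len(names) and ts - min(last.values()) <= window:
                hits[client] = min(last.values())
                break
    return hits

# Constructed sample data: documentation addresses, made-up timestamps.
ORDERED = sorted(FINGERPRINT)
SAMPLE_LOG = (
    # .10 asks for all nine names within one second, then app.snapchat.com
    [f"{1000 + i * 0.1:.1f} 192.0.2.10 {n}." for i, n in enumerate(ORDERED)]
    + ["1001.2 192.0.2.10 app.snapchat.com."]
    # .30 asks for the same names, but ten minutes apart
    + [f"{1000 + i * 600} 192.0.2.30 {n}" for i, n in enumerate(ORDERED)]
    # .20 is an ordinary client repeating a single pool name
    + [f"{1000 + i} 192.0.2.20 0.pool.ntp.org" for i in range(9)]
    + ["garbage line"]
)

if __name__ == "__main__":
    print(burst_clients(SAMPLE_LOG))
```

Only the client that requests the whole set in one burst is reported; widening `window` trades precision for recall on slow resolvers or lossy logs.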