Hi--

On Oct 17, 2012, at 10:04 AM, sh3120 wrote:
> Have sites complaining that 72.8.140.222 is showing up on command and control
> server. After research determined that IP is listed in the NTP.POOL.ORG
> listing of time servers. Unsure who to report this to to get it off the list.

The mailing list for the NTP pool is <[email protected]>.

Whether a machine has been infected by malware is not related directly to whether it is serving good time. The NTP pool has a scoring mechanism which will remove that IP if it no longer provides good time:

  http://www.pool.ntp.org/scores/72.8.140.222

[ ...note reply-to: header; also, BCC:ing Ask, in case he decides to remove this IP... ]

> it can be confirmed by going to http://www.threatstop.com/checkip and checking
> the ip address.

Perhaps try contacting <[email protected]> or the netblock owner, per WHOIS:

% whois 72.8.140.222
[ ... ]
OrgAbuseHandle: ABUSE2456-ARIN
OrgAbuseName: ABUSE
OrgAbusePhone: +1-949-202-5305
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE2456-ARIN

OrgTechHandle: TECH380-ARIN
OrgTechName: TECH
OrgTechPhone: +1-949-202-5305
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.net/rest/poc/TECH380-ARIN

Regards,
--
-Chuck
