Rob wrote: > John Hasler wrote: >> sh3120 writes: >>> Have sites complaining that 72.8.140.222 is showing up >>> on command and control server. >>> After research determined that IP is listed in the >>> NTP.POOL.ORG listing of time servers. >>> Unsure who to report this too to get it off the list. >> >> It's not clear what your problem is. > > Today many ISPs and companies run intrusion detection > systems that monitor the traffic and send alerts when > there is communication with systems listed as botnet > C&C servers. > > So when such a server appears on ntp.pool.org, and a user > picks it to sync with, they get stamped as potentially > infected by malware and could face disconnection or > other forms of quarantine. > > Clear now?
That does not make it a NTP problem! Does ntp.org even have a policy that allows them to exempt IPs from the pool because some third party wants them to? FYI: It is still in the pool <http://www.pool.ntp.org/scores/72.8.140.222> irc.indoforum.org Other ISPs policies to block their own customers based on a third party's assertions, are not ntp.org's problem. If a ISP "knows" a IP is a botnet C&C server, and they null route it, none of their customers will be able to contact it. ... and in the case of use "pool pool.ntp.org iburst preempt" the customer will just get more IPs from the ntp pool, when any specific IP can't be reached. -- E-Mail Sent to this address <[email protected]> will be added to the BlackLists. _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
