[193046] in North American Network Operators' Group

Re: Recent NTP pool traffic increase

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Dec 15 23:19:31 2016

X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
To: <nanog@nanog.org>
Date: Fri, 16 Dec 2016 11:19:16 +0700
In-Reply-To: <6B7C0C66-F6A4-40A0-8134-8925FC608C63@arbor.net>
Errors-To: nanog-bounces@nanog.org


On 16 Dec 2016, at 10:17, Roland Dobbins wrote:

> <http://pages.cs.wisc.edu/~plonka/netgear-sntp/>

Over on nznog, Cameron Bradley posited that this may be related to a
TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit.
Perhaps one of them is actually setting timeservers?  This SANS
writeup details the SOAP strings:

<https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759>

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
