Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Jan 2016 17:05:55 +0400
From: Loganaden Velvindron <>
Subject: Re: actively infiltrating IPv6 pools
 for scanning purposes

On Wed, Jan 27, 2016 at 3:24 PM, Luca BRUNO <> wrote:

> [cross-posted to pool-ntp and oss-sec]
> Hi,
> while reviewing network logs this morning I spotted some anomalies related
> to scan probes, pools and IPv6.
> It looks like Brad already observed and blogged about this some days ago,
> but I haven't seen this discussed in the usual ntp-pools, Debian and
> oss-sec ML, so I'm reposting this here:
> In summary, some machines (which seem related to the scanning
> project)
> are actively participating in as IPv6 endpoints.
> However, clients connecting to them for NTP timesync, are subsequently
> scanned
> by probes originating from * hosts.
Shouldn't we have some kind of policy for operators participating in to prevent such issues ?

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ