oss-security - Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for scanning purposes

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Thu, 28 Jan 2016 18:56:45 +0100
From: Rob Janssen <pe1chl@...at.org>
To: Ask Bjørn Hansen <ask@...pool.org>,
        Luca BRUNO <lucab@...ian.org>
Cc: oss-security@...ts.openwall.com, team@...urity.debian.org,
        secalert@...hat.com
Subject: Re: [Pool] shodan.io actively infiltrating ntp.org IPv6 pools for
 scanning purposes

Ask Bjørn Hansen wrote:
> Hi Luca (and everyone),
>
> I removed those servers yesterday. Brad had been helping look to see if others were doing something similar.
>
> I think the behavior was falling well outside what's reasonably expected from a server operator participating in the pool.
>
> The operator had also been adding the same server multiple times in order to "attract" more traffic which is definitely outside the guidelines.
>

This guy has been doing other things that are not good net citizenship.
But it is not his agenda.  He is a black hat and he supports cracking.  Some people are like that.  Jerks.


Rob

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.