>>> Have sites complaining that 72.8.140.222 is showing up on command >>> and control server. [...] >> Whether a machine has been infected by malware is not related >> directly to whether it is serving good time. > The problem is that some intrusion detection systems or ISP systems > that attempt to detect malware will see that someone is communicating > with an IP that is on a list of command and control servers, without > checking in detail what kind of communication it is.
The NTP pool also is not a mechanism for handholding sites with incompetent IDS monitoring. I think the pool should do nothing here. If it's serving good time, I think it belongs in the pool; if it's not, not. Anyone who freaks out over port-123 traffic to it because of something unrelated to NTP needs to learn to check before freaking. It is not a service to keep the incompetent from suffering the consequences of their incompetence. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTML [email protected] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
