15 Dec 2016, 11:19 p.m.
On 16 Dec 2016, at 10:17, Roland Dobbins wrote:
Over on nznog, Cameron Bradley posited that this may be related to a TR-069/-064 Mirai variant, which makes use of a 'SetNTPServers' exploit.

Perhaps one of them is actually setting timeservers?

This SANS writeup details the SOAP strings:

<https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759>

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>