Is there a vendor zone list somewhere where we can lookup companies?
I recently (yesterday) re-enabled logging and sure enough Jasper Technologies (a division of Cisco) has been continuing to pound away at my ntp server.
I tried using ‘jasper’ and ‘cisco’ for pool names and that didn’t return anything, but who knows what they could have named them (if indeed they have a valid pool).
Company Info: https://www.jasper.com/
Anyhow, in the past 24 hours I’ve received 495,640 requests total from around 140 unique IPs within their 22.214.171.124/22 netblock. Even with that subset of active IPs, only about a third-to-half are misbehaving.
I’m guessing maybe they are proxying requests for their IoT / mobile products? Or just testing a bunch of their products in-house?
This makes up only about 1% of my overall time queries within the past 24hrs, (out of ~2.4 Million unique IPs within the same time frame). Who know how many other NTP servers they are hitting too. My concern is though what happens next month / next year / etc as their products continue to scale.
So anyhow, I wanted to see if they did have a vendor zone and if they were abiding by proper use policy before I send them a nasty letter (now that I finally found a working feedback form). Whatever they are doing I bet could be done in a much more efficient and well behaved manner and achieve the same results.