1. 4
  1.  

  2. 1

    One of three options:

    • There is a malicious NTP time server in the global NTP pool;
    • Someone has hacked one of the NTP time servers in the global pool;
    • Shodan is running some of their own

    Whichever way, Shodan is being fed IP addresses from harvesters across the ‘net. And from the comments, it seems like people are actively trying to find ways to find the needles in the IPv6 address space haystack – Skype and BitTorrent are other possible triggers.

    What I gather is that IPv6 is too large for a bruteforce scan across the entire space, which is obvious. Therefore people are trying to find ways to collect IPv6 addresses that are actually in use and then scan them. It’s amusing to me, I hadn’t considered the sheer size of IPv6 addresses to possibly obscure my IP address (so long as I’m not generating too much traffic I guess).