Date: Thu, 20 Mar 2014 21:38:57 -0700
Subject: Re: NTP security hole CVE-2013-5211?
From: Micheas Herman
To: freebsd-security@freebsd.org

On Mar 20, 2014 9:21 PM, "Brett Glass" wrote:
>
> At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote:
>
>> Starting from these lines in my /etc/ntp.conf file:
>>
>> server 0.freebsd.pool.ntp.org iburst
>> server 1.freebsd.pool.ntp.org iburst
>> server 2.freebsd.pool.ntp.org iburst
>>
>> I resolved each of those three host names to _all_ of its associated
>> IPv4 addresses. This yielded me the following list:
>>
>> 50.116.38.157
>> 69.50.219.51
>> 69.55.54.17
>> 69.167.160.102
>> 108.61.73.244
>> 129.250.35.251
>> 149.20.68.17
>> 169.229.70.183
>> 192.241.167.38
>> 199.7.177.206
>> 209.114.111.1
>> 209.118.204.201
>
>
> [Snip]
>
> All of this is good. However, remember that anyone who can spoof IPs will know
> that the above addresses are the defaults for any FreeBSD machine and can
> take advantage of these "holes" in your firewall.

While true, that does mean that amplification attacks are limited to being
able to attack those ten machines. A not insignificant reduction in hosts
vulnerable to attack.

>
> --Brett Glass
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
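The step described in the quoted text (resolving every ntp.conf server name to all of its IPv4 addresses to build a firewall allowlist), as an added example that is not part of the thread or of any poster's code. The function names, the sample config and the diff step are assumptions; the diff goes beyond the message and is there because pool names can return different addresses on later lookups, which leaves old allowlist entries stale.

```python
import ipaddress
import socket

# Constructed sample mirroring the server lines quoted in the thread.
NTP_CONF = """\
# /etc/ntp.conf (excerpt)
server 0.freebsd.pool.ntp.org iburst
server 1.freebsd.pool.ntp.org iburst
server 2.freebsd.pool.ntp.org iburst
"""

def ntp_hosts(conf_text):
    """Return the host argument of each server/pool/peer line, skipping comments."""
    hosts = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("server", "pool", "peer"):
            # Skip leading option flags such as -4 / -6 before the host name.
            args = [f for f in fields[1:] if not f.startswith("-")]
            if args:
                hosts.append(args[0])
    return hosts

def dns_ipv4(host):
    """Resolve a name to every IPv4 address the resolver currently returns."""
    infos = socket.getaddrinfo(host, 123, socket.AF_INET, socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}

def build_allowlist(conf_text, resolve=dns_ipv4):
    """Union of all addresses of all configured hosts, sorted numerically."""
    addrs = set()
    for host in ntp_hosts(conf_text):
        addrs |= {ipaddress.IPv4Address(a) for a in resolve(host)}
    return [str(a) for a in sorted(addrs)]

def diff_allowlist(current_rules, fresh):
    """Return (stale, missing): entries to remove and addresses not yet allowed."""
    cur, new = set(current_rules), set(fresh)
    key = ipaddress.IPv4Address
    return sorted(cur - new, key=key), sorted(new - cur, key=key)

if __name__ == "__main__":
    # Performs live DNS lookups; prints one address per line for a firewall table.
    print("\n".join(build_allowlist(NTP_CONF)))
```

Passing a different `resolve` callable lets the same logic run against recorded DNS answers instead of live lookups.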