Date: Thu, 20 Mar 2014 21:38:57 -0700 From: Micheas Herman <m@micheas.net> To: freebsd-security@freebsd.org Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <CAJw6ijkqBTzcD-WyOQtiU3=R2W8fZjKR=qo5AW9836fOkyNudQ@mail.gmail.com> In-Reply-To: <201403210421.WAA05406@mail.lariat.net> References: <201403210421.WAA05406@mail.lariat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 20, 2014 9:21 PM, "Brett Glass" <brett@lariat.org> wrote: > > At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote: > >> Starting from these lines in my /etc/ntp.conf file: >> >> server 0.freebsd.pool.ntp.org iburst >> server 1.freebsd.pool.ntp.org iburst >> server 2.freebsd.pool.ntp.org iburst >> >> I resolved each of those three host names to _all_ of its associated >> IPv4 addresses. This yielded me the following list: >> >> 50.116.38.157 >> 69.50.219.51 >> 69.55.54.17 >> 69.167.160.102 >> 108.61.73.244 >> 129.250.35.251 >> 149.20.68.17 >> 169.229.70.183 >> 192.241.167.38 >> 199.7.177.206 >> 209.114.111.1 >> 209.118.204.201 > > > [Snip] > > All of this is good. However, remember that anyone who can spoof IPs will know > that the above addresses are the defaults for any FreeBSD machine and can > take advantage of these "holes" in your firewall. While true, that does mean that amplification attacks are limited to being able to attack those ten machines. A not insignificant reduction in hosts vulnerable to attack. > > --Brett Glass > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJw6ijkqBTzcD-WyOQtiU3=R2W8fZjKR=qo5AW9836fOkyNudQ>