From owner-freebsd-security@FreeBSD.ORG Fri Mar 21 04:21:08 2014
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 125E9F51
 for ; Fri, 21 Mar 2014 04:21:08 +0000 (UTC)
Received: from mail.lariat.net (mail.lariat.net [66.62.230.51])
 by mx1.freebsd.org (Postfix) with ESMTP id AA4BB19B
 for ; Fri, 21 Mar 2014 04:21:06 +0000 (UTC)
Received: from Toshi.lariat.org (IDENT:ppp1000.lariat.net@localhost [127.0.0.1])
 by mail.lariat.net (8.9.3/8.9.3) with ESMTP id WAA05406;
 Thu, 20 Mar 2014 22:21:00 -0600 (MDT)
Message-Id: <201403210421.WAA05406@mail.lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Thu, 20 Mar 2014 22:20:52 -0600
To: "Ronald F. Guilmette"
From: Brett Glass
Subject: Re: NTP security hole CVE-2013-5211?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: freebsd-security@freebsd.org
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Fri, 21 Mar 2014 04:21:08 -0000

At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote:

>Starting from these lines in my /etc/ntp.conf file:
>
>server 0.freebsd.pool.ntp.org iburst
>server 1.freebsd.pool.ntp.org iburst
>server 2.freebsd.pool.ntp.org iburst
>
>I resolved each of those three host names to _all_ of its associated
>IPv4 addresses. This yielded me the following list:
>
>50.116.38.157
>69.50.219.51
>69.55.54.17
>69.167.160.102
>108.61.73.244
>129.250.35.251
>149.20.68.17
>169.229.70.183
>192.241.167.38
>199.7.177.206
>209.114.111.1
>209.118.204.201

[Snip]

All of this is good. However, remember that anyone who can spoof IPs will know that the above addresses are the defaults for any FreeBSD machine and can take advantage of these "holes" in your firewall.

--Brett Glass