From owner-freebsd-security@FreeBSD.ORG Fri Mar 21 16:23:21 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 62154CEB for ; Fri, 21 Mar 2014 16:23:21 +0000 (UTC) Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id ED8ACF7D for ; Fri, 21 Mar 2014 16:23:20 +0000 (UTC) Received: by mail-wg0-f52.google.com with SMTP id k14so1748830wgh.23 for ; Fri, 21 Mar 2014 09:23:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=bW0bSOv7StoDIV9CDZZW/q/8nwGV+sftgDnvXyltHLg=; b=0pMjrUPMnfeWpvpgDYJZIvVHHI9qgxEbUw5Y1e1hPJjLiZA6GDbTvofQNCeC6eihRL nDaD8kOK0TQrvAlC3cP2FtA4EqPamPAmeUSiFI3Yb9oa3SOxL1Oz4IknxNGUpBnyb6Om qgFxyPN2rB4rRfjKRI2yCGY+Uftlr3Jsl+tgxXt2c3Zcwq9aJHZYWXokVlsrUNTExhnt phYIG9Z36GoNPPWnA8EHVv1i7bfsRkO331oNwVhPIcZZ6X1l50flBRZAXUUK53MPNfAb 65xmbvxwbM+KPZ7LuHmI/gBDpBAGmUrKsKrkH6j6LO5NaYVqbm+JdyaqunhJ8Ggh5HAp hLPg== X-Received: by 10.180.164.69 with SMTP id yo5mr3496392wib.55.1395418979935; Fri, 21 Mar 2014 09:22:59 -0700 (PDT) Received: from gumby.homeunix.com ([94.195.197.72]) by mx.google.com with ESMTPSA id qg3sm6231930wic.10.2014.03.21.09.22.58 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Fri, 21 Mar 2014 09:22:59 -0700 (PDT) Date: Fri, 21 Mar 2014 16:22:57 +0000 From: RW To: freebsd-security@freebsd.org Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <20140321162257.1213a670@gumby.homeunix.com> In-Reply-To: <201403210421.WAA05406@mail.lariat.net> References: <201403210421.WAA05406@mail.lariat.net> X-Mailer: Claws Mail 3.9.3 (GTK+ 2.24.22; amd64-portbld-freebsd10.0) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Mar 2014 16:23:21 -0000 On Thu, 20 Mar 2014 22:20:52 -0600 Brett Glass wrote: > At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote: > > >Starting from these lines in my /etc/ntp.conf file: > > > >server 0.freebsd.pool.ntp.org iburst > >server 1.freebsd.pool.ntp.org iburst > >server 2.freebsd.pool.ntp.org iburst > > > >I resolved each of those three host names to _all_ of its associated > >IPv4 addresses. This yielded me the following list: > > > >50.116.38.157 > >69.50.219.51 > >69.55.54.17 > >69.167.160.102 > >108.61.73.244 > >129.250.35.251 > >149.20.68.17 > >169.229.70.183 > >192.241.167.38 > >199.7.177.206 > >209.114.111.1 > >209.118.204.201 > > [Snip] > > All of this is good. When you use a vendor pool or pool.ntp.org, you get a random selection of servers in your local region. According to www.pool.ntp.org that's 869 for North America, and 2495 for Europe.