NTP security hole CVE-2013-5211?

Micheas Herman m at micheas.net
Fri Mar 21 04:39:04 UTC 2014


On Mar 20, 2014 9:21 PM, "Brett Glass" <brett at lariat.org> wrote:
>
> At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote:
>
>> Starting from these lines in my /etc/ntp.conf file:
>>
>> server 0.freebsd.pool.ntp.org iburst
>> server 1.freebsd.pool.ntp.org iburst
>> server 2.freebsd.pool.ntp.org iburst
>>
>> I resolved each of those three host names to _all_ of its associated
>> IPv4 addresses.  This yielded me the following list:
>>
>
>
> [Snip]
>
> All of this is good. However, remember that anyone who can spoof IPs will know
> that the above addresses are the defaults for any FreeBSD machine and can
> take advantage of these "holes" in your firewall.

While true, that does mean that amplification attacks are limited to being
able to attack those ten machines. A not insignificant reduction in hosts
vulnerable to attack.

>
> --Brett Glass
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

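The resolution step quoted in this thread (every `server` name in /etc/ntp.conf resolved to all of its IPv4 addresses), as an added example that is not part of the original messages. The function names and the injectable `resolve` parameter are assumptions made for illustration; pool names return different addresses over time, so the output is a snapshot that has to be regenerated before a firewall allow list built from it goes stale.

```python
import ipaddress
import socket

# Constructed sample: the three server lines quoted in the thread.
SAMPLE_NTP_CONF = """\
# constructed sample ntp.conf
server 0.freebsd.pool.ntp.org iburst
server 1.freebsd.pool.ntp.org iburst
server 2.freebsd.pool.ntp.org iburst
restrict default ignore
"""


def ntp_server_names(conf_text):
    """Return host names from 'server' lines, in file order, without duplicates."""
    names = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or fields[0] != "server":
            continue
        # Skip leading option flags such as -4 that may precede the host name.
        host = next((f for f in fields[1:] if not f.startswith("-")), None)
        if host and host not in names:
            names.append(host)
    return names


def system_resolver(name):
    """All IPv4 addresses the local resolver returns for name right now."""
    infos = socket.getaddrinfo(name, 123, socket.AF_INET, socket.SOCK_DGRAM)
    return [info[4][0] for info in infos]


def allowed_ntp_addresses(conf_text, resolve=system_resolver):
    """Resolve every server name; return unique IPv4 addresses in numeric order."""
    found = set()
    for name in ntp_server_names(conf_text):
        try:
            for addr in resolve(name):
                found.add(ipaddress.IPv4Address(addr))
        except OSError:
            continue  # unresolvable name contributes no addresses
    return [str(a) for a in sorted(found)]


if __name__ == "__main__":
    for addr in allowed_ntp_addresses(SAMPLE_NTP_CONF):
        print(addr)
```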