On Mar 20, 2014 9:21 PM, "Brett Glass" <brett@lariat.org> wrote: > > At 03:37 PM 3/20/2014, Ronald F. Guilmette wrote: > >> Starting from these lines in my /etc/ntp.conf file: >> >> server 0.freebsd.pool.ntp.org iburst >> server 1.freebsd.pool.ntp.org iburst >> server 2.freebsd.pool.ntp.org iburst >> >> I resolved each of those three host names to _all_ of its associated >> IPv4 addresses. This yielded me the following list: >> >> 50.116.38.157 >> 69.50.219.51 >> 69.55.54.17 >> 69.167.160.102 >> 108.61.73.244 >> 129.250.35.251 >> 149.20.68.17 >> 169.229.70.183 >> 192.241.167.38 >> 199.7.177.206 >> 209.114.111.1 >> 209.118.204.201 > > > [Snip] > > All of this is good. However, remember that anyone who can spoof IPs will know > that the above addresses are the defaults for any FreeBSD machine and can > take advantage of these "holes" in your firewall. While true, that does mean that amplification attacks are limited to being able to attack those ten machines. A not insignificant reduction in hosts vulnerable to attack. > > --Brett Glass > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org " _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"