From owner-freebsd-security@freebsd.org  Sat Apr 30 06:03:36 2016
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 35ACCAD9024
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Sat, 30 Apr 2016 06:03:36 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id C29E9119F
 for <freebsd-security@freebsd.org>; Sat, 30 Apr 2016 06:03:35 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
 by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id u3U5v39O038702
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Sat, 30 Apr 2016 07:57:04 +0200 (CEST)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: marquis@roble.com
Received: from [10.58.0.10] (dadvw [10.58.0.10])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id u3U5uxav023810
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Sat, 30 Apr 2016 12:56:59 +0700 (KRAT)
 (envelope-from eugen@grosbein.net)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
To: Roger Marquis <marquis@roble.com>, Charles Swiger <cswiger@mac.com>
References: <20160429082953.DB31D1769@freefall.freebsd.org>
 <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu>
 <1461929003.67736.2.camel@yandex.com>
 <CINIP100NTSBSRqf69a0000002a@cinip100ntsbs.irtnog.net>
 <BABF8C57A778F04791343E5601659908237051@cinip100ntsbs.irtnog.net>
 <0O6F002Z65WLUS40@mr28p00im-smtpin028.me.com>
 <28698FCA-CEAB-4A0F-9F12-57FCCD871E1E@mac.com>
 <201604300045.u3U0icQk037159@hz.grosbein.net>
Cc: freebsd-security <freebsd-security@freebsd.org>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <57244926.9000907@grosbein.net>
Date: Sat, 30 Apr 2016 12:56:54 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <201604300045.u3U0icQk037159@hz.grosbein.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM
 autolearn=no version=3.3.2
X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000] *  2.6 LOCAL_FROM From my domains
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Apr 2016 06:03:36 -0000

30.04.2016 7:44, Roger Marquis пишет:

> Are you seriously proposing that most FreeBSD installations need to
> serve as timeservers?

Absolutely. Every LAN router should be capable in supplying NTP service
for its LAN clients, it just needs a way to differentiate its LAN/WAN interfaces
(security zones) to prevent abuse from outer interfaces.