Re: [fw-wiz] Acqusition of time

From: Martin Peikert (Martin.Peikert@discon.de)
Date: 01/30/03

• Next message: Matthew Kirkwood: "Re: [fw-wiz] Proxy Firewalls (was FWTK vs T.REX)"
• Previous message: Ben Nagy: "Re: [fw-wiz] Content Switch as security device?"
• In reply to: Ben Nagy: "Re: [fw-wiz] Acqusition of time"
• Next in thread: Frank Knobbe: "Re: [fw-wiz] Acqusition of time"
• Reply: Frank Knobbe: "Re: [fw-wiz] Acqusition of time"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Martin Peikert" <Martin.Peikert@discon.de>
To: firewall-wizards@honor.icsalabs.com
Date: Thu Jan 30 09:40:21 2003

Ben Nagy wrote:
> If a firewall can't reach an NTP server because of some transient network
> condition the clock doesn't automatically go haywire - it will just start
> drifting as per the normal accuracy of the hardware clock, no?

Not necessarily. You could use clockspeed, see
http://cr.yp.to/clockspeed.html
,-----------------------------------------------------------------------
| clockspeed uses a hardware tick counter to compensate for a
| persistently fast or slow system clock. Given a few time measurements
| from a reliable source, it computes and then eliminates the clock
| skew.
`-----------------------------------------------------------------------
and
,-----------------------------------------------------------------------
| Typical success story: I started clockspeed on one of my Pentium
| computers at home on 1998-05-05. I ran sntpclock (through a 28.8
| dialup line) once on 1998-05-05 and once on 1998-05-30. On 1998-08-22,
| after no network time input for nearly three months, the clock was
| just 0.21 seconds off.
`-----------------------------------------------------------------------

So, if a firewall can't reach an NTP server a longer time, I would think
that you really have a problem ;-) But for a sufficient length of time
clockspeed will do the job and keep the time from drifting too far...

GTi

---

• Next message: Matthew Kirkwood: "Re: [fw-wiz] Proxy Firewalls (was FWTK vs T.REX)"
• Previous message: Ben Nagy: "Re: [fw-wiz] Content Switch as security device?"
• In reply to: Ben Nagy: "Re: [fw-wiz] Acqusition of time"
• Next in thread: Frank Knobbe: "Re: [fw-wiz] Acqusition of time"
• Reply: Frank Knobbe: "Re: [fw-wiz] Acqusition of time"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Need Help Security issue ... >> material leaving hundreds of temporary internet files and cookies on the ... >> the clock was changed while those porn sites were accessed. ... Does the company in question have a firewall? ... think that ME logs that info. ... (comp.security.misc) Re: Disabling Windows XP Firewall? ... >I am trying to access a forum but after I press ... > temporarily disable the firewall or the clock is not set at the ... especially with Windows Firewall. ... (microsoft.public.windowsxp.general) Re: [fw-wiz] Acqusition of time ... If a firewall can't reach an NTP server because of some transient network ... condition the clock doesn't automatically go haywire - it will just start ... (Firewall-Wizards) Re: 08 MSRP ... i wonder how this 'puter clock gets off like that in a month or so. ... Working Time Servers: ... I've never had problems with windows firewall or mcafee's firewall blocking the time service. ... (rec.motorcycles.harley) Re: msmsgs.exe--what is it? ... Look for green or red man next to clock. ... > I got my new Dell XP Home computer going over the weekend:) Installed ... > firewall, ms updates, adaware, antivirus, no problems so far. ... (microsoft.public.windowsxp.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2003-01