Re: WINDOWS XP NTP

From: John Galt (galt@inconnu.isu.edu)
Date: 08/21/01


Date: Tue, 21 Aug 2001 14:05:29 -0600 (MDT)
From: John Galt <galt@inconnu.isu.edu>
To: Dino <slayer67@apk.net>
Subject: Re: WINDOWS XP NTP
Message-ID: <Pine.LNX.4.33.0108211352300.6369-100000@inconnu.isu.edu>


locutus#ntptrace time.windows.com
time.windows.com: stratum 2, offset 0.002825, synch distance 0.06490
time.nist.gov: stratum 1, offset 0.004652, synch distance 0.00000, refid 'ACTS'

Locutus is most definitely not a windows XP box :)

I'm still guessing that any and all NTP 'sploits are prefectly valid for
Win XP, and even more so, since there is a default attack vector. You can
get substantial coverage with a script that forges an NTP packet from
time.windows.com (207.46.228.33 according to my dig, but it's
non-authoritative...) The fun part is they're .60 seconds off NIST:
pathetic for a stratum 2.

On Tue, 21 Aug 2001, Dino wrote:

>I apologize for making a mistake on the name of the NTP:
>time.microsoft.com vs time.windows.com
>
>When I tried a 3rd party app and sad it did not work using time.windows.com,
>I really used time.microsoft.com.
>
>Sorry for the swap of names:(
>(yes I tried time.microsoft.com and time.windows.com and neither worked on a
>non-XP box)
>
>
>
>

-- 
There is an old saying that if a million monkeys typed on a million
keyboards for a million years, eventually all the works of Shakespeare
would be produced.   Now, thanks to Usenet, we know this is not true.

Who is John Galt? galt@inconnu.isu.edu, that's who!