Re: ZoneAlarm - letting my computer clock contact the TimeServer
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 03/25/05
- Next message: Darko Gavrilovic: "Re: Firewall tests"
- Previous message: nemo outis: "Re: Need to protect a computer from a snooping spouse"
- In reply to: Clark: "Re: ZoneAlarm - letting my computer clock contact the TimeServer"
- Next in thread: Clark: "Re: ZoneAlarm - letting my computer clock contact the TimeServer"
Date: Thu, 24 Mar 2005 18:31:27 -0600
In article <upg541103919tg6s00jqaem5i4asvr80lj@4ax.com>, Clark wrote:
>Well, maybe I answered my own question, so possibly someone can tell
>me if this method is OK. I determined that the NTP protocol (Port
>119) is the one that allows for time synchronization.
[compton ~]$ grep -w 119 rfcs/port-numbers
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
[compton ~]$
Guess again. You want a time port, not a news port.
>There wasn't any NTP port listed there, so I arbitrarily selected "Allow
>incoming UDP ports" and put 119 as the port number. Is that OK? It
>works, anyway... I just want to make sure I'm not opening my computer up
>to folks who want to get into it.
[compton ~]$ grep -Ew "(13|37|123)" rfcs/port-numbers
daytime 13/tcp Daytime (RFC 867)
daytime 13/udp Daytime (RFC 867)
time 37/tcp Time (RFC 868)
time 37/udp Time (RFC 868)
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
[compton ~]$
I suspect you've got things mightily screwed up. You almost certainly want
port 123, not 119. Ports 13 and 37 are much less commonly used. However,
the way to find out is to use the logging mechanism of your toy firewall.
Set it to block everything, and to log every packet. Then try to do a time
sync, and see what ports your system wants to use. NTP (RFC 1305) and SNTP
(RFC 2030) both use UDP port 123 as source and destination. Obviously, you
also need >1024/udp to 53/udp on your ISP's name servers to resolve the
address. Once you have determined the ports needed, turn off the logging
to prevent wasted disk space. If your firewall is blocking the 87 bazillion
connection attempts per hour, you really don't need to know that some system
in Kenya or Korea attempted to connect to a trojan you don't have installed.
>Now, does anyone know how to force several time syncs per day? I'm
>using XP, SP2. This computer clock is really bad and needs frequent
>re-setting.
Standard computer clock oscillators should be good to +/- 100 ppm, or
about 9 seconds a day.
Old guy
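
Added example (not part of the original post): one way to carry out the block-and-log procedure described above, by summarising the outbound packets a firewall blocked during a single time sync into narrow allow rules. The CSV log layout, the sample addresses and the function names are assumptions made for illustration, not ZoneAlarm's own log format.

```python
import csv
from collections import Counter
from io import StringIO

# Port names from the port-numbers excerpts quoted in the post, plus DNS (53).
KNOWN = {13: "daytime", 37: "time", 53: "domain", 119: "nntp", 123: "ntp"}
TIME_PORTS = {13, 37, 123}

# Constructed sample log, hypothetical layout: direction,proto,src,dst.
# Imagined as captured with everything blocked and logged during one sync.
SAMPLE_LOG = """\
OUT,UDP,192.0.2.10:1037,198.51.100.53:53
OUT,UDP,192.0.2.10:123,203.0.113.5:123
OUT,UDP,192.0.2.10:123,203.0.113.5:123
IN,TCP,198.51.100.77:40001,192.0.2.10:40002
IN,UDP,198.51.100.80:40003,192.0.2.10:40004
"""

def port_of(endpoint):
    """Return the integer port from an 'address:port' field."""
    return int(endpoint.rpartition(":")[2])

def outbound_needs(log_text):
    """Count blocked outbound packets by (proto, source port class, dest port)."""
    needs = Counter()
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 4 or row[0] != "OUT":
            continue  # unsolicited inbound noise is nothing to open a port for
        _, proto, src, dst = row
        sport = port_of(src)
        src_class = ">1024" if sport > 1024 else str(sport)
        needs[(proto.lower(), src_class, port_of(dst))] += 1
    return needs

def suggested_rules(log_text):
    """Turn the observed outbound traffic into narrow outbound allow rules."""
    rules = []
    for (proto, src_class, dport), hits in sorted(outbound_needs(log_text).items()):
        name = KNOWN.get(dport, "unknown")
        rules.append(f"allow out {src_class}/{proto} -> {dport}/{proto} ({name}, {hits} blocked)")
    return rules

def time_ports_seen(log_text):
    """Which of the time-related ports (13, 37, 123) the sync actually used."""
    return sorted({d for (_, _, d) in outbound_needs(log_text) if d in TIME_PORTS})

if __name__ == "__main__":
    for rule in suggested_rules(SAMPLE_LOG):
        print(rule)
```

On this sample the only rules that come out are outbound ones (123/udp to 123/udp and >1024/udp to 53/udp); nothing in it calls for an inbound port such as 119.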