OT: Solaris help - TOD service - NTP


Thread: OT: Solaris help - TOD service

  1. OT: Solaris help - TOD service

    Folks, I appreciate this is off-topic (although time-related), but the
    following statement has been made about the loss of a TOD service in a
    cable modem environment:

    ______________________________________________________
    Have dug around and spoken to a couple of people who deal with the head end
    side of things. The TOD ran on the dhcp servers and the modems were
    configured to get their TOD from them. I believe it was turned off. It
    runs as a service under inetd on Solaris and inetd was switched off as a
    security measure. Due to it being used to give the modem time of day for
    config files, they will not switch it back on again.
    ______________________________________________________


    I have no experience of Solaris, but wouldn't turning off inetd prevent
    any network connectivity, and stop DHCP being served? Can anyone shed
    light whether the statement contains some grain of truth or not?

    Thanks,
    David



  2. Re: OT: Solaris help - TOD service

    David,

    David J Taylor wrote:
    > Folks, I appreciate this is off-topic (although time-related), but the
    > following statement has been made about the loss of a TOD service in a
    > cable modem environment:
    >
    > ______________________________________________________
    > Have dug around and spoken to a couple of people who deal with the head end
    > side of things. The TOD ran on the dhcp servers and the modems were
    > configured to get their TOD from them. I believe it was turned off. It
    > runs as a service under inetd on Solaris and inetd was switched off as a
    > security measure. Due to it being used to give the modem time of day for
    > config files, they will not switch it back on again.
    > ______________________________________________________
    >
    >
    > I have no experience of Solaris, but wouldn't turning off inetd prevent
    > any network connectivity, and stop DHCP being served? Can anyone shed
    > light whether the statement contains some grain of truth or not?


    I'm not familiar with TOD, but just a few words to inetd:

    Inetd is a "super-daemon" which can start specific network services only if
    a request for a specific service arrives.

    For services like e.g. FTP this can make sense. If you run a busy FTP server
    then you can have the FTP daemon running all the time. However, if the FTP
    service is just used occasionally then having the FTP daemon running all
    the time would be a waste of resources.

    In such cases inetd can be configured to listen on the FTP port. If an FTP
    connection request arrives then inetd starts the FTP daemon and forwards
    that request to it.

    Of course for ntpd this would not make much sense since ntpd would be
    started only when a request from a client arrives.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  3. Re: OT: Solaris help - TOD service

    Martin Burnicki wrote:

    >
    > I'm not familiar with TOD, but just a few words to inetd:
    >

    Note that the really basic time services like daytime are implemented
    internally within inetd; inetd is the time server for those protocols.
    I don't know what is meant by TOD here, but it might actually mean the
    ASCII or binary time provided by inetd.

  4. Re: OT: Solaris help - TOD service

    David Woolley wrote:

    > Martin Burnicki wrote:
    >
    >>
    >> I'm not familiar with TOD, but just a few words to inetd:
    >>

    > Note that the really basic time services like daytime are implemented
    > internally within inetd; inetd is the time server for those protocols.
    > I don't know what is meant by TOD here, but it might actually mean the
    > ASCII or binary time provided by inetd.


    Right, that's a good point I forgot to mention.

    And, like other services, the time and daytime services are provided by
    inetd only if they have been activated in the inetd configuration.

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany

  5. Re: OT: Solaris help - TOD service

    David Woolley wrote:
    > Martin Burnicki wrote:
    >
    >>
    >> I'm not familiar with TOD, but just a few words to inetd:
    >>

    > Note that the really basic time services like daytime are implemented
    > internally within inetd; inetd is the time server for those protocols.
    > I don't know what is meant by TOD here, but it might actually mean the
    > ASCII or binary time provided by inetd.


    Thanks, David and Martin.

    As I understand it, TOD here refers to a cable modem making a TCP or UDP
    request to port 13 on a server.

    Is there any good reason for inetd "to be switched off as a security
    measure"? Could the TOD service be provided stand-alone, instead of
    within inetd? Perhaps not....

    Of course, a more relevant question could be: Why aren't the cable modems
    using NTP? My cable modem is a Motorola SB5101E, by the way.

    http://broadband.motorola.com/catalo...01E-6-2006.pdf

    http://download.modem-help.co.uk/mfc...s/User-Guides/

    Thanks,
    David



  6. Re: OT: Solaris help - TOD service

    David J Taylor wrote:

    > David Woolley wrote:
    >> Martin Burnicki wrote:
    >>
    >>>
    >>> I'm not familiar with TOD, but just a few words to inetd:
    >>>

    >> Note that the really basic time services like daytime are implemented
    >> internally within inetd; inetd is the time server for those protocols.
    >> I don't know what is meant by TOD here, but it might actually mean the
    >> ASCII or binary time provided by inetd.

    >
    > Thanks, David and Martin.
    >
    > As I understand it, TOD here refers to a cable modem making a TCP or UDP
    > request to port 13 on a server.


    Huh, port 13 is used by the "daytime" protocol which returns date and local
    time in human readable format which is not even well-defined, e.g.:

    # telnet gateway 13
    13 JUN 2008 11:08:43 CEST

    # telnet time-a.nist.gov 13
    54630 08-06-13 09:08:53 50 0 0 24.2 UTC(NIST) *

    You see gateway (a local Linux machine) returns quite a different string on
    the daytime port than one of the NIST time servers. This is why IMHO the
    daytime protocol is not generally usable for automated time
    synchronization.

    The old "time" protocol using port 37 on the other hand returns UTC time in
    machine readable format, which is much easier to handle for automated time
    synchronization.

    > Is there any good reason for inetd "to be switched off as a security
    > measure"? Could the TOD service be provided stand-alone, instead of
    > within inetd? Perhaps not....


    Generally it's good to disable all services which are not needed. However,
    if the inetd has no known security problems it should be no problem to have
    it running to provide required services. I'm sure the OS can be configured
    to start inetd.

    > Of course, a more relevant question could be: Why aren't the cable modems
    > using NTP? My cable modem is a Motorola SB5101E, by the way.


    Very simple devices may not even require the accuracy of NTP, and the "time"
    protocol would be sufficient. The specific question for me is: why does it
    use the daytime protocol instead of the time protocol or NTP?

    Martin
    --
    Martin Burnicki

    Meinberg Funkuhren
    Bad Pyrmont
    Germany
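
Added example, not part of the thread: a decoder for the machine-readable port 37 "time" reply next to a parser for the NIST-style port 13 line, showing why a client written for one daytime layout gets nothing from the other. The port 37 payload is constructed for the same instant as the NIST line quoted above; the function names are illustrative.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1900 = datetime(1900, 1, 1, tzinfo=timezone.utc)

def decode_time37(payload):
    """Port 37 reply: 32-bit big-endian seconds since 1900-01-01 UTC.
    Returns None when the reply is missing or not exactly 4 bytes."""
    if len(payload) != 4:
        return None
    (seconds,) = struct.unpack("!I", payload)
    return EPOCH_1900 + timedelta(seconds=seconds)

def parse_daytime_nist(line):
    """Parse the NIST-style port 13 line; None for any other layout."""
    fields = line.split()
    if len(fields) < 8 or not fields[7].startswith("UTC"):
        return None
    try:
        stamp = datetime.strptime(fields[1] + " " + fields[2],
                                  "%y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return stamp.replace(tzinfo=timezone.utc)

# The two port 13 replies quoted in the post above.
DAYTIME_GATEWAY = "13 JUN 2008 11:08:43 CEST"
DAYTIME_NIST = "54630 08-06-13 09:08:53 50 0 0 24.2 UTC(NIST) *"
# Constructed port 37 payload for the same instant as the NIST line.
SAMPLE_TIME37 = struct.pack("!I", 3422336933)

if __name__ == "__main__":
    print("time/37       :", decode_time37(SAMPLE_TIME37))
    print("daytime NIST  :", parse_daytime_nist(DAYTIME_NIST))
    print("daytime other :", parse_daytime_nist(DAYTIME_GATEWAY))
    print("no reply      :", decode_time37(b""))
```

The gateway's line carries only a local zone abbreviation (CEST), so even a second, gateway-specific parser would have to guess the UTC offset; the four-byte port 37 reply has no such ambiguity.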

  7. Re: OT: Solaris help - TOD service

    Martin Burnicki wrote:
    []
    > Generally it's good to disable all services which are not needed.
    > However, if the inetd has no known security problems it should be no
    > problem to have it running to provide required services. I'm sure
    > the OS can be configured to start inetd.


    Yes, I accept that, but Solaris having security issues in inetd?

    > Very simple devices may not even require the accuracy of NTP, and the
    > "time" protocol would be sufficient. The specific question for me is:
    > why does it use the daytime protocol instead of the time protocol or
    > NTP?
    >
    > Martin


    Martin, it would most likely be time on port 37. The modem issues the
    error message:

    ToD request sent- No Response received

    and I can't find a detailed manual for the modem's software.

    Thanks,
    David



  8. Re: OT: Solaris help - TOD service

    David J Taylor wrote:

    > Is there any good reason for inetd "to be switched off as a security
    > measure"? Could the TOD service be provided stand-alone, instead of
    > within inetd? Perhaps not....


    The services inetd calls are generally obsolete (rsh, rdate, telnet etc) or
    nearly so (ftp). As a general rule, admins either comment everything out
    or disable inetd entirely. Real, modern daemons, like sshd and httpd, run
    all the time and don't need to be called on demand.

    As noted, a bunch of the old "really cool in 1983" protocols like echo
    (port 7), discard (8), daytime (13), or the coolest of them all in 1983,
    chargen (19). Telnet to these ports on a Solaris box, especially one that
    doesn't have Solaris 10, and you can see the wild and wonderful things they
    generate.

    You could, conceivably, remove everything else and just leave daytime
    configured ... but you've got to ask yourself "Why aren't they using NTP?"


    --
    Peter Laws / N5UWY
    National Weather Center / Network Operations Center
    University of Oklahoma Information Technology
    plaws@ou.edu
    -----------------------------------------------------------------------
    Feedback? Contact my director, Craig Cochell, craigc@ou.edu. Thank you!

    _______________________________________________
    questions mailing list
    questions@lists.ntp.org
    https://lists.ntp.org/mailman/listinfo/questions


  9. Re: OT: Solaris help - TOD service

    Peter Laws wrote:
    > David J Taylor wrote:
    >
    >> Is there any good reason for inetd "to be switched off as a security
    >> measure"? Could the TOD service be provided stand-alone, instead of
    >> within inetd? Perhaps not....

    >
    > The services inetd calls are generally obsolete (rsh, rdate, telnet
    > etc) or nearly so (ftp). As a general rule, admins either comment
    > everything out or disable inetd entirely. Real, modern daemons, like
    > sshd and httpd, run all the time and don't need to be called on
    > demand.
    > As noted, a bunch of the old "really cool in 1983" protocols like echo
    > (port 7), discard (8), daytime (13), or the coolest of them all in
    > 1983, chargen (19). Telnet to these ports on a Solaris box,
    > especially one that doesn't have Solaris 10, and you can see the wild
    > and wonderful things they generate.
    >
    > You could, conceivably, remove everything else and just leave daytime
    > configured ... but you've got to ask yourself "Why aren't they using
    > NTP?"


    Peter,

    That's helpful, in that it seems what the admins on this Solaris system
    have done is at least, first-order, reasonable.

    They aren't using NTP because, presumably, the Motorola cable modems don't
    use NTP. This occurs during the boot sequence of the cable modems when,
    perhaps, very little intelligence is available. Having said that, the
    modems can also download a new firmware image, and I would have thought
    that such an image could work with NTP.

    The net result of lack of ToD is that any errors are timestamped 1970-x-x,
    making fault diagnosis rather more difficult.

    Thanks for all the feedback folks, and I suggest we revert to the normal
    advertised topic!

    Cheers,
    David



  10. Re: OT: Solaris help - TOD service

    In article ,
    David J Taylor wrote:

    >Folks, I appreciate this is off-topic (although time-related), but the
    >following statement has been made about the loss of a TOD service in a
    >cable modem environment:


    >______________________________________________________
    >Have dug around and spoken to a couple of people who deal with the head end
    >side of things. The TOD ran on the dhcp servers and the modems were
    >configured to get their TOD from them. I believe it was turned off. It
    >runs as a service under inetd on Solaris and inetd was switched off as a
    >security measure. Due to it being used to give the modem time of day for
    >config files, they will not switch it back on again.
    >______________________________________________________


    Solaris 10 had some big changes in the way inetd and services in general
    are handled. In essence, inetd pretty much doesn't run any more. It's
    now done with the svcadm command and its ilk. Not sure what is the
    'default' but some of the things inetd used to do (defined in inetd.conf)
    got translated to the new way but default to 'disabled'. I.e. if you
    do a 'svcs -a' you will see all the services and their status (enabled or
    disabled). Some of the ones I see on this box (Solaris 10):

    disabled Apr_15 svc:/network/dhcp-server:default
    ....
    disabled Apr_15 svc:/network/daytime:dgram
    disabled Apr_15 svc:/network/daytime:stream
    disabled Apr_15 svc:/network/discard:dgram
    disabled Apr_15 svc:/network/discard:stream
    disabled Apr_15 svc:/network/echo:dgram
    disabled Apr_15 svc:/network/echo:stream
    disabled Apr_15 svc:/network/time:dgram
    disabled Apr_15 svc:/network/time:stream
    disabled Apr_15 svc:/network/ftp:default
    ....

    So if you want to start them you'd use svcadm.

    HTH,

    Bob
    --
    ---------------------------------------------------------------------_------
    |Bob Rahe, MIEEE, bob@dtcc.edu (RWR50) / ASCII ribbon campaign ( ) |
    |Delaware Technical & Community College / - against HTML email X |
    |Computer Center, Dover, Delaware / & vCards / \ |
    ----------------------------------------------------------------------------

  11. Re: OT: Solaris help - TOD service

    Peter Laws wrote:


    > As noted, a bunch of the old "really cool in 1983" protocols like echo
    > (port 7), discard (8), daytime (13), or the coolest of them all in 1983,
    > chargen (19).


    Got interrupted and missed a fragment:

    As noted, a bunch of the old "really cool in 1983" protocols like echo
    (port 7), discard (8), daytime (13), or the coolest of them all in 1983,
    chargen (19) are provided by inetd itself as opposed to calling an
    application to service the request. You can see which ones on a Solaris
    box by looking for "internal" on the rows for those services.

    Telnet to these ports on a Solaris box, especially one that doesn't have
    Solaris 10, and you can see the wild and wonderful things they generate.



    Better. :-)

    --
    Peter Laws / N5UWY
    National Weather Center / Network Operations Center
    University of Oklahoma Information Technology
    plaws@ou.edu
    -----------------------------------------------------------------------
    Feedback? Contact my director, Craig Cochell, craigc@ou.edu. Thank you!

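
Added example, not part of the thread: an exposure check covering both places the posts above say to look, the "internal" rows of inetd.conf on older Solaris and the `svcs -a` listing on Solaris 10, reporting which inetd-provided small services are active beyond an allowlist. The sample inputs are constructed, and the allowlist (only the ToD service the modems need) is an assumed site policy.

```python
# Services the thread names as served by inetd itself.
LEGACY = {"echo", "discard", "daytime", "chargen", "time"}

def active_internal_inetd(conf_text):
    """Pre-Solaris 10: uncommented inetd.conf rows marked 'internal'."""
    found = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # service, socket type, protocol, wait flag, user, server program
        if len(fields) >= 6 and fields[5] == "internal":
            found.append(f"{fields[0]}:{fields[1]}")
    return found

def enabled_legacy_smf(svcs_text):
    """Solaris 10: legacy small services whose state is not 'disabled'."""
    prefix = "svc:/network/"
    found = []
    for line in svcs_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[2].startswith(prefix):
            continue
        state, _stime, fmri = fields
        if fmri[len(prefix):].split(":")[0] in LEGACY and state != "disabled":
            found.append(fmri)
    return found

def unexpected(active, allowed):
    """Entries that are active but not on the site's allowlist."""
    return sorted(set(active) - set(allowed))

# Constructed samples (not output from the thread's systems).
SAMPLE_INETD_CONF = """\
time     dgram   udp  wait    root  internal
daytime  stream  tcp  nowait  root  internal
#chargen stream  tcp  nowait  root  internal
ftp      stream  tcp  nowait  root  /usr/sbin/in.ftpd  in.ftpd
"""
SAMPLE_SVCS = """\
disabled Apr_15 svc:/network/dhcp-server:default
disabled Apr_15 svc:/network/daytime:dgram
online   Apr_15 svc:/network/echo:stream
online   Apr_15 svc:/network/time:dgram
"""

if __name__ == "__main__":
    # Assumed policy: only the ToD service the modems need stays on.
    print(unexpected(active_internal_inetd(SAMPLE_INETD_CONF), {"time:dgram"}))
    print(unexpected(enabled_legacy_smf(SAMPLE_SVCS), {"svc:/network/time:dgram"}))
```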

  12. Re: OT: Solaris help - TOD service

    Peter Laws wrote:
    > Peter Laws wrote:
    >
    >
    >> As noted, a bunch of the old "really cool in 1983" protocols like
    >> echo (port 7), discard (8), daytime (13), or the coolest of them
    >> all in 1983, chargen (19).

    >
    > Got interrupted and missed a fragment:
    >
    > As noted, a bunch of the old "really cool in 1983" protocols like echo
    > (port 7), discard (8), daytime (13), or the coolest of them all in
    > 1983, chargen (19) are provided by inetd itself as opposed to calling
    > an application to service the request. You can see which ones on a
    > Solaris box by looking for "internal" on the rows for those services.
    >
    > Telnet to these ports on a Solaris box, especially one that doesn't
    > have Solaris 10, and you can see the wild and wonderful things they
    > generate.
    >
    >
    >
    > Better. :-)


    Thanks, Peter.

    Cheers,
    David
    --
    SatSignal software - quality software written to your requirements
    Web: http://www.satsignal.eu
    Email: davidtaylor@writeme.com
