time.ucla.edu is closed - NTP

This is a discussion on time.ucla.edu is closed - NTP ; I guess we can't use time.ucla.edu unless we have an account there: nmap -p123 time.ucla.edu Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-09-03 14:15 MST Interesting ports on tick.ucla.edu (164.67.62.194): PORT STATE SERVICE 123/tcp closed ntp Nmap finished: 1 IP ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 22

Thread: time.ucla.edu is closed

  1. time.ucla.edu is closed

    I guess we can't use time.ucla.edu unless we have an account there:

    nmap -p123 time.ucla.edu

    Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-09-03 14:15 MST
    Interesting ports on tick.ucla.edu (164.67.62.194):
    PORT STATE SERVICE
    123/tcp closed ntp

    Nmap finished: 1 IP address (1 host up) scanned in 1.628 seconds




  2. Re: time.ucla.edu is closed


    Felix Tilley writes:
    > I guess we can't use time.ucla.edu unless we have an account there:
    >
    > nmap -p123 time.ucla.edu
    >
    > PORT STATE SERVICE
    > 123/tcp closed ntp


    123/tcp ????

    When was the last time you saw a ntp tcp packet?

    -wolfgang

  3. Re: time.ucla.edu is closed

    On Sun, 03 Sep 2006 14:51:35 -0700, Wolfgang S. Rupprecht wrote:

    > 123/tcp ????
    >
    > When was the last time you saw a ntp tcp packet?
    >
    > -wolfgang


    I don't know if NTP uses TCP, UDP or both. All I know is time.ucla.edu
    does not respond to ntpdate (Linux version). This started a few days ago.

    Felix



  4. Re: time.ucla.edu is closed

    Felix Tilley wrote:
    > On Sun, 03 Sep 2006 14:51:35 -0700, Wolfgang S. Rupprecht wrote:
    >
    >> 123/tcp ????
    >>
    >> When was the last time you saw a ntp tcp packet?
    >>
    >> -wolfgang

    >
    > I don't know if NTP uses TCP, UDP or both. All I know is time.ucla.edu
    > does not respond to ntpdate (Linux version). This started a few days ago.
    >


    NTP has never used TCP.

    Where did you see that this system has public access? The notice
    attached to the list for tick (time is a CNAME) shows the following:

    AccessDetails: Open access to stratum-2 servers and to UCLA clients.

    So why are you trying to access it?

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  5. Re: time.ucla.edu is closed


    Felix Tilley writes:
    > I don't know if NTP uses TCP, UDP or both. All I know is time.ucla.edu
    > does not respond to ntpdate (Linux version). This started a few days ago.


    I think you might want to use something other than nmap to test that
    they closed the server. Nmap for 123/tcp will fail because ntp
    doesn't use tcp. Nmap for 123/udp probably won't give any meaningful
    output either. The nmap test for udp just tells you if talking to the
    port causes an ICMP port-unreachable to be sent. If it is filtered by
    a firewall that drops 123/udp then nmap will claim the port is "open".
    If ntp is running but ignoring non-approved hosts, then nmap similarly
    will claim it is "open".

    Personally, I used "ntpdate -d" to see if a host is answering. ;-)


    -wolfgang
    --
    Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/

  6. Re: time.ucla.edu is closed

    On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:


    >
    > NTP has never used TCP.
    >
    > Where did you see that this system has public access? The notice
    > attached to the list for tick (time is a CNAME) shows the following:
    >
    > AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >
    > So why are you trying to access it?
    >
    > Danny


    This worked until a few days ago. It was available to the public.

    echo "ntp0.cornell.edu"
    ntpdate -ub ntp0.cornell.edu

    echo "time.caltech.edu"
    ntpdate -ub time.caltech.edu

    echo "time.ucla.edu"
    ntpdate -ub time.ucla.edu


    echo "ntp2.usno.navy.mil"
    ntpdate -ub ntp2.usno.navy.mil



  7. Re: time.ucla.edu is closed

    On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:


    >
    > NTP has never used TCP.
    >
    > Where did you see that this system has public access? The notice
    > attached to the list for tick (time is a CNAME) shows the following:
    >
    > AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >
    > So why are you trying to access it?
    >
    > Danny


    It uses ntpdate -ub. I am on a dialup. No broadband here.
    I didn't mean to cause so much trouble here. I will wait until
    the holiday is over, and contact ucla.edu.

    I thank all of you for your help.

    syncmyclock

    Last syncmyclock update Mon, 04 Sep 2006 11:29:28 -0700

    time.arizona.edu
    4 Sep 12:48:12 ntpdate[4254]: step time server 128.196.128.234 offset 0.174213 sec
    ntp0.cornell.edu
    4 Sep 12:48:14 ntpdate[4255]: step time server 132.236.56.250 offset -0.004097 sec
    time.caltech.edu
    4 Sep 12:48:16 ntpdate[4256]: step time server 192.12.19.20 offset 0.002223 sec
    time.ucla.edu
    4 Sep 12:48:20 ntpdate[4257]: no server suitable for synchronization found
    ntp2.usno.navy.mil
    4 Sep 12:48:22 ntpdate[4258]: step time server 192.5.41.209 offset 0.000743 sec
    tick.usno.navy.mil
    4 Sep 12:48:25 ntpdate[4259]: step time server 192.5.41.40 offset 0.002183 sec
    Synching Hardware Clock to System Clock




  8. Re: time.ucla.edu is closed

    Felix Tilley wrote:

    > On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:
    >
    >
    >
    >>NTP has never used TCP.
    >>
    >>Where did you see that this system has public access? The notice
    >>attached to the list for tick (time is a CNAME) shows the following:
    >>
    >>AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >>
    >>So why are you trying to access it?
    >>
    >>Danny

    >
    >
    > This worked until a few days ago. It was available to the public.
    >
    > echo "ntp0.cornell.edu"
    > ntpdate -ub ntp0.cornell.edu
    >
    > echo "time.caltech.edu"
    > ntpdate -ub time.caltech.edu
    >
    > echo "time.ucla.edu"
    > ntpdate -ub time.ucla.edu
    >
    >
    > echo "ntp2.usno.navy.mil"
    > ntpdate -ub ntp2.usno.navy.mil
    >
    >


    The fact that you could access it did not mean that your use was proper
    or welcome! My guess would be that too many people abused their
    hospitality.

    If you want a stratum one server, buy a GPS receiver and operate your
    own! If you are feeling generous, make it available to the public.

    Given the ever growing supply of idiots on the internet (individual AND
    corporate (Netgear, D-Link, etc.)) it wouldn't surprise me if more
    public servers ceased to make themselves available.


  9. Re: time.ucla.edu is closed

    Felix Tilley wrote:
    > On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:
    >
    >
    >> NTP has never used TCP.
    >>
    >> Where did you see that this system has public access? The notice
    >> attached to the list for tick (time is a CNAME) shows the following:
    >>
    >> AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >>
    >> So why are you trying to access it?
    >>
    >> Danny

    >
    > This worked until a few days ago. It was available to the public.
    >
    > echo "time.ucla.edu"
    > ntpdate -ub time.ucla.edu
    >


    Let me ask you again: Why are you trying to use it at all? You do not
    fall into ANY of the groups listed in the restrictions list. ntpdate is
    also definitely does not meet any of the requirements since you are not
    using an ntpd server as required.

    You are using something that you shouldn't be using. Please stop using
    it. Also review every one of the servers that you are using and make
    sure you are meeting any and all restrictions required by the
    administrators of those systems.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  10. Re: time.ucla.edu is closed

    Felix Tilley wrote:
    > On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:
    >
    >
    >> NTP has never used TCP.
    >>
    >> Where did you see that this system has public access? The notice
    >> attached to the list for tick (time is a CNAME) shows the following:
    >>
    >> AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >>
    >> So why are you trying to access it?
    >>
    >> Danny

    >
    > It uses ntpdate -ub. I am on a dialup. No broadband here.
    > I didn't mean to cause so much trouble here. I will wait until
    > the holiday is over, and contact ucla.edu.
    >


    Don't bother, you have no right to use it. Please desist and use
    something else like the pool.

    > I thank all of you for your help.
    >
    > syncmyclock
    >
    > Last syncmyclock update Mon, 04 Sep 2006 11:29:28 -0700
    >
    > time.arizona.edu
    > 4 Sep 12:48:12 ntpdate[4254]: step time server 128.196.128.234 offset 0.174213 sec
    > ntp0.cornell.edu
    > 4 Sep 12:48:14 ntpdate[4255]: step time server 132.236.56.250 offset -0.004097 sec
    > time.caltech.edu
    > 4 Sep 12:48:16 ntpdate[4256]: step time server 192.12.19.20 offset 0.002223 sec
    > time.ucla.edu
    > 4 Sep 12:48:20 ntpdate[4257]: no server suitable for synchronization found
    > ntp2.usno.navy.mil
    > 4 Sep 12:48:22 ntpdate[4258]: step time server 192.5.41.209 offset 0.000743 sec
    > tick.usno.navy.mil
    > 4 Sep 12:48:25 ntpdate[4259]: step time server 192.5.41.40 offset 0.002183 sec
    > Synching Hardware Clock to System Clock
    >


    I have no interest in reviewing your list to see if any of them have
    access restrictions but you should be using the pool and not stratum 1
    or 2 servers. You are ignoring the Rules of Engagement. Under no
    circumstances should you be using Stratum 1 servers for this.

    Danny
    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  11. Re: time.ucla.edu is closed

    On Sun, 03 Sep 2006 14:25:51 -0700, Felix Tilley wrote:

    > I guess we can't use time.ucla.edu unless we have an account there:
    >
    > nmap -p123 time.ucla.edu
    >
    > Starting Nmap 4.10 ( http://www.insecure.org/nmap/ ) at 2006-09-03 14:15 MST
    > Interesting ports on tick.ucla.edu (164.67.62.194):
    > PORT STATE SERVICE
    > 123/tcp closed ntp
    >
    > Nmap finished: 1 IP address (1 host up) scanned in 1.628 seconds


    time.ucla.edu is back up. They rebooted the machine and asked that I
    verify it. It works, and I informed them.

    Felix



  12. Re: time.ucla.edu is closed

    On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:


    >
    > NTP has never used TCP.
    >
    > Where did you see that this system has public access? The notice
    > attached to the list for tick (time is a CNAME) shows the following:
    >
    > AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >
    > So why are you trying to access it?
    >
    > Danny


    It is publically available. My former employer put its time servers
    behind a firewall. I am accessing it to sync my computer clock. How do
    you you do it?

    Felix
    Tucson



  13. Re: time.ucla.edu is closed

    On 2006-09-05, Felix Tilley wrote:

    > On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:
    >
    >> Where did you see that this system has public access? The notice
    >> attached to the list for tick (time is a CNAME) shows the following:
    >>
    >> AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >>
    >> So why are you trying to access it?

    >
    > It is publically available.


    This server has published the following access rules:

    * The AccessPolicy of RestrictedAccess. That means that access is open
    to clients who meet the published access conditions (e.g. AccessDetails,
    ServiceArea, NotificationMessage, etc.).

    * The AccessDetails state that it is open to stratum-2 servers and to
    UCLA clients.

    * The ServiceArea is restricted to the Pacific Time zone. Clients
    outside of the ServiceArea may request access.

    * Clients must send a NotificationMessage prior to using this server.

    So ...

    If you are a UCLA client and send a NotificationMessage you may use this
    server.

    If you are a legitimate stratum-2 server, defined in the
    RulesOfEngagement as one that is serving more than 100 clients, and
    are in the published ServiceArea, or have permission, and send a
    NotificationMessage, you may use this server.

    Use of the server by clients who do not meet these conditions will most
    likely be considered abuse.

    > My former employer put its time servers behind a firewall. I am
    > accessing it to sync my computer clock. How do you you do it?


    There are numerous Stratum-2 time servers listed at
    http://ntp.isc.org/s2 and there's a good number of servers in the NTP
    pool (http://ntp.isc.org/pool)

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  14. Re: time.ucla.edu is closed

    Felix Tilley wrote:
    > On Mon, 04 Sep 2006 02:54:39 +0000, Danny Mayer wrote:
    >
    >
    >> NTP has never used TCP.
    >>
    >> Where did you see that this system has public access? The notice
    >> attached to the list for tick (time is a CNAME) shows the following:
    >>
    >> AccessDetails: Open access to stratum-2 servers and to UCLA clients.
    >>
    >> So why are you trying to access it?
    >>
    >> Danny

    >
    > It is publically available. My former employer put its time servers
    > behind a firewall. I am accessing it to sync my computer clock. How do
    > you you do it?
    >


    What part of Stratum-2 servers don't you understand? I am very serious
    about this: you need to stop using restricted servers. The restrictions
    are by policy rather than by technical means but that can be changed.

    Danny

    > Felix
    > Tucson
    >

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  15. Re: time.ucla.edu is closed

    "Felix Tilley" wrote in message
    newsan.2006.09.05.23.30.15.776556@cyberbromo.int...
    [...]
    > It is publically available.


    Stop whining. They merely don't, or didn't, enforce their access policy
    by technical means. That you are not physically prevented from taking an
    apple from a case in front of the greengrocer's without paying doesn't
    make it legal, or moral.


    > My former employer put its time servers behind a firewall.


    They have that right. They're _their_ time servers.


    > I am accessing it to sync my computer clock. How do
    > you you do it?


    I use my ISP's. I have been known to use the Pool.

    Groetjes,
    Maarten Wiltink



  16. Re: time.ucla.edu is closed

    On Wed, 06 Sep 2006 04:02:46 +0000, Danny Mayer wrote:
    >
    > What part of Stratum-2 servers don't you understand? I am very serious
    > about this: you need to stop using restricted servers. The restrictions
    > are by policy rather than by technical means but that can be changed.
    >
    >



    Danny,

    tick.ucla.edu wants you to use it.

    It is publically available.

    They want to you use it. It sustains their employment.

    The state of California wants you to use it.

    Felix in Tucson



  17. Re: time.ucla.edu is closed

    On 2006-09-06, Felix Tilley wrote:

    > tick.ucla.edu wants you to use it.


    Only if you meet the criteria listed at
    http://ntp.isc.org/bin/view/Servers/TickUclaEdu

    > It is publically available.


    It is publicly accessible. But their usage policy is RestrictedAccess.

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  18. Re: time.ucla.edu is closed

    Felix Tilley wrote:
    > On Wed, 06 Sep 2006 04:02:46 +0000, Danny Mayer wrote:
    >> What part of Stratum-2 servers don't you understand? I am very serious
    >> about this: you need to stop using restricted servers. The restrictions
    >> are by policy rather than by technical means but that can be changed.

    >
    > Danny,
    >
    > tick.ucla.edu wants you to use it.
    >
    > It is publically available.


    Where did you read that? Provide a pointer.
    >
    > They want to you use it. It sustains their employment.
    >


    Where did you read that? Provide a pointer.

    > The state of California wants you to use it.
    >


    Where did you read that? Provide a pointer.

    > Felix in Tucson

    _______________________________________________
    questions mailing list
    questions@lists.ntp.isc.org
    https://lists.ntp.isc.org/mailman/listinfo/questions


  19. Re: time.ucla.edu is closed


    "Felix Tilley" wrote in message
    newsan.2006.09.06.09.07.34.816764@cyberbromo.int...
    > On Wed, 06 Sep 2006 04:02:46 +0000, Danny Mayer wrote:
    > >
    > > What part of Stratum-2 servers don't you understand? I am very serious
    > > about this: you need to stop using restricted servers. The restrictions
    > > are by policy rather than by technical means but that can be changed.
    > >
    > >

    >
    >
    > Danny,
    >
    > tick.ucla.edu wants you to use it.
    >
    > It is publically available.
    >
    > They want to you use it. It sustains their employment.
    >
    > The state of California wants you to use it.
    >


    Behold the usefulness of the passive voice:

    "They want it to be used" is a true statement. "They want you to use it" is
    not.
    Or rather, the latter statement may or may not be true, depending on whether
    "you" are a member of the two groups they have specified, viz. UCLA clients
    and stratum 2 servers.

    As for the first statement: yes, they do want it to be used. On THEIR
    terms. Not yours.

    As Bill Clinton might say, it all depends on what your definition of "you"
    is.


    Brian



  20. Re: time.ucla.edu is closed

    Brian Garrett wrote:

    > "Felix Tilley" wrote in message
    > newsan.2006.09.06.09.07.34.816764@cyberbromo.int...
    >
    >>On Wed, 06 Sep 2006 04:02:46 +0000, Danny Mayer wrote:
    >>
    >>>What part of Stratum-2 servers don't you understand? I am very serious
    >>>about this: you need to stop using restricted servers. The restrictions
    >>>are by policy rather than by technical means but that can be changed.
    >>>
    >>>

    >>
    >>
    >>Danny,
    >>
    >>tick.ucla.edu wants you to use it.
    >>
    >>It is publically available.
    >>
    >>They want to you use it. It sustains their employment.
    >>
    >>The state of California wants you to use it.
    >>

    >
    >
    > Behold the usefulness of the passive voice:
    >
    > "They want it to be used" is a true statement. "They want you to use it" is
    > not.
    > Or rather, the latter statement may or may not be true, depending on whether
    > "you" are a member of the two groups they have specified, viz. UCLA clients
    > and stratum 2 servers.
    >
    > As for the first statement: yes, they do want it to be used. On THEIR
    > terms. Not yours.
    >
    > As Bill Clinton might say, it all depends on what your definition of "you"
    > is.
    >
    >
    > Brian
    >
    >


    I expect that you are whipping a dead horse here!! He sounds like the
    type who hears only what he wants to hear. . . .