Problem with date since a few hours - NTP

This is a discussion on Problem with date since a few hours - NTP ; Hi all, It seems that I get 1st january 2000 as a date from pool.ntp.org, using command /usr/sbin/netdate tcp pool.ntp.org Has anyone noticed anything? Fabrice...

+ Reply to Thread
Results 1 to 15 of 15

Thread: Problem with date since a few hours

  1. Problem with date since a few hours

    Hi all,

    It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    command

    /usr/sbin/netdate tcp pool.ntp.org

    Has anyone noticed anything?

    Fabrice

  2. Re: Problem with date since a few hours

    In article <45716309@news.vo.lu>,
    "Fabrice " (unallocated TLD) wrote:

    > It seems that I get 1st january 2000 as a date from pool.ntp.org, using


    pool.ntp.org dynamically selects one of many servers, all of which
    could behave differently when abused.

    > command


    > /usr/sbin/netdate tcp pool.ntp.org


    Using port 37/TCP to access a pool.ntp.org server would be considered abuse
    by most of the server operators; you may even have found a server that is
    deliberately configured to lie in response to such unauthorised accesses.

    Accesses to pool.ntp.org should use port 123/UDP and should conform to
    good NTP practice, in particular, with regard to frequency of access.
    The best tool for doing this is ntpd, although ntpdate may be OK if
    used infrequently, and there are some other implemenation of the over
    the wire protocol.

    Basically, if you had been accessing with an appropriate client, we would
    have needed to know the actual IP address selected for this particular
    invocation, but, as you are using an inappropriate client, the servers
    are free to behave in any way they like.

  3. Re: Problem with date since a few hours

    Fabrice wrote:

    > Hi all,
    >
    > It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    > command
    >
    > /usr/sbin/netdate tcp pool.ntp.org
    >
    > Has anyone noticed anything?
    >
    > Fabrice


    What is "netdate" and what O/S are you running it on?

    I'm sure someone would have noticed of any of the pool servers were off
    by six years and eleven months. They are carefully monitored and
    required to be within a few milliseconds of the correct time.

    FWIW NTP uses UDP rather than TCP!

  4. Re: Problem with date since a few hours

    Richard B. Gilbert wrote:
    > Fabrice wrote:
    >
    >> Hi all,
    >>
    >> It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    >> command
    >>
    >> /usr/sbin/netdate tcp pool.ntp.org
    >>
    >> Has anyone noticed anything?
    >>
    >> Fabrice

    >
    >
    > What is "netdate" and what O/S are you running it on?
    >
    > I'm sure someone would have noticed of any of the pool servers were off
    > by six years and eleven months. They are carefully monitored and
    > required to be within a few milliseconds of the correct time.
    >
    > FWIW NTP uses UDP rather than TCP!

    Probably this one:
    from : http://home.august.com/~akfullfo/netdate/README.txt

    What it is
    ----------

    Netdate makes use of the UDP "time" service provided by
    many Unix systems to query for the current time, and
    optionally set it on the local system. It is a pauper's
    alternative to NTP.

    What it does
    ------------

    Netdate will set the local system time to within a second
    or two of the collective wisdom of one or more time
    servers. It uses a voting scheme to eliminate responses
    that are not in general agreement with the majority of
    the servers. As such, it really only works well in an
    environment where there are accessible machines that
    maintain a reliable timebase, probably via NTP.

    It works on a variety of Unix systems and is easy to
    compile and install.


    uer

  5. Re: Problem with date since a few hours

    > Richard B. Gilbert wrote:
    >> Fabrice wrote:
    >>>
    >>> It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    >>> command
    >>>
    >>> /usr/sbin/netdate tcp pool.ntp.org
    >>>
    >>> Has anyone noticed anything?
    >>>

    >>
    >> What is "netdate" and what O/S are you running it on?


    netdate is a standard command on my system to update the local time from a
    time server. It runs on linux slackware 10.2.

    >>
    >> I'm sure someone would have noticed of any of the pool servers were off
    >> by six years and eleven months. They are carefully monitored and
    >> required to be within a few milliseconds of the correct time.


    I agree with that: I have been using netdate on my gateway to internet for
    years to retrieve the accurate time and to serve it to the PCs on the
    internal family network. No problem for at least 4 years...

    I was therefore very surprised this morning when all my clocks had been set
    up to year 2000!

    Now the situation is back to normal. Netdate gets back again the correct
    time.
    >>
    >> FWIW NTP uses UDP rather than TCP!


    According to netdate man page, both protocols can be used.

    Thanks for your replies,

    Fabrice

  6. Re: Problem with date since a few hours

    Fabrice wrote:
    >> Richard B. Gilbert wrote:

    []
    >>> FWIW NTP uses UDP rather than TCP!

    >
    > According to netdate man page, both protocols can be used.


    Then the manual is wrong in at least one respect, and perhaps how many
    others?

    David



  7. Re: Problem with date since a few hours

    In article ,
    David J Taylor wrote:
    > Fabrice wrote:
    > >> Richard B. Gilbert wrote:

    > []
    > >>> FWIW NTP uses UDP rather than TCP!

    >
    > > According to netdate man page, both protocols can be used.


    > Then the manual is wrong in at least one respect, and perhaps how many
    > others?


    The man page is correct, but has nothing to do with NTP; it refers
    to the protocol on port 37, whereas NTP is on port 123. Being in
    pool.ntp.org doesn't constitute permission to use the port 37 protocol.
    (On some systems, the equivalent of netdate is called rdate.)

    Almost certainly what happened is that the random selection of servers
    selected one that particularly disliked unauthorised accesses on port 37
    and deliberately served an incorrect time to such clients to try and
    dissuade them. Subsequently it selected a server that wasn't so aggressive
    in defending itself against port 37 attacks.

  8. Re: Problem with date since a few hours

    David Woolley wrote:
    > In article ,
    > David J Taylor
    > wrote:
    >> Fabrice wrote:
    >>>> Richard B. Gilbert wrote:

    >> []
    >>>>> FWIW NTP uses UDP rather than TCP!

    >>
    >>> According to netdate man page, both protocols can be used.

    >
    >> Then the manual is wrong in at least one respect, and perhaps how
    >> many others?

    >
    > The man page is correct, but has nothing to do with NTP


    Ah, mis-read that as NTP manual!

    David



  9. Re: Problem with date since a few hours

    Fabrice wrote:
    >>Richard B. Gilbert wrote:
    >>
    >>>Fabrice wrote:
    >>>
    >>>>It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    >>>>command
    >>>>
    >>>>/usr/sbin/netdate tcp pool.ntp.org
    >>>>
    >>>>Has anyone noticed anything?
    >>>>
    >>>
    >>>What is "netdate" and what O/S are you running it on?

    >
    >
    > netdate is a standard command on my system to update the local time from a
    > time server. It runs on linux slackware 10.2.
    >
    >
    >>>I'm sure someone would have noticed of any of the pool servers were off
    >>>by six years and eleven months. They are carefully monitored and
    >>>required to be within a few milliseconds of the correct time.

    >
    >
    > I agree with that: I have been using netdate on my gateway to internet for
    > years to retrieve the accurate time and to serve it to the PCs on the
    > internal family network. No problem for at least 4 years...
    >
    > I was therefore very surprised this morning when all my clocks had been set
    > up to year 2000!
    >
    > Now the situation is back to normal. Netdate gets back again the correct
    > time.
    >
    >>>FWIW NTP uses UDP rather than TCP!

    >
    >
    > According to netdate man page, both protocols can be used.
    >
    > Thanks for your replies,
    >
    > Fabrice


    netdate does not use the NTP protocol!

    If you want the correct time from an NTP server, I'd suggest using
    (x)ntpd or even ntpdate. ntpdate is deprecated but still widely
    available and widely used. It sets your clock on a one time basis.
    Some people run it using cron. ntpd is best if you want really accurate
    time; you can get +/- 10 milliseconds using internet servers.


  10. Re: Problem with date since a few hours

    david@djwhome.demon.co.uk (David Woolley) writes:

    > In article ,
    > David J Taylor wrote:
    > Almost certainly what happened is that the random selection of servers
    > selected one that particularly disliked unauthorised accesses on port 37
    > and deliberately served an incorrect time to such clients to try and
    > dissuade them. Subsequently it selected a server that wasn't so aggressive
    > in defending itself against port 37 attacks.


    What makes you choose to call it an attack?

    Regards

    Jon

  11. Re: Problem with date since a few hours

    Jon Kåre Hellan wrote:

    > david@djwhome.demon.co.uk (David Woolley) writes:
    >
    >
    >>In article ,
    >>David J Taylor wrote:
    >>Almost certainly what happened is that the random selection of servers
    >>selected one that particularly disliked unauthorised accesses on port 37
    >>and deliberately served an incorrect time to such clients to try and
    >>dissuade them. Subsequently it selected a server that wasn't so aggressive
    >>in defending itself against port 37 attacks.

    >
    >
    > What makes you choose to call it an attack?
    >
    > Regards
    >
    > Jon


    I don't know exactly how David would answer that question but I would
    regard any attempt at unauthorized access to any of my systems as an
    attack. Don't forget that there are thousands of people out there who
    would just love to use your system as an SMTP relay, or to distribute
    their latest bit of malware.


    Simply offering a single service is not an invitation to access some
    other service that is not being offered!

  12. Re: Problem with date since a few hours

    Jon Kåre Hellan wrote:
    > david@djwhome.demon.co.uk (David Woolley) writes:
    >
    >> In article ,
    >> David J Taylor
    >> wrote:
    >> Almost certainly what happened is that the random selection of
    >> servers
    >> selected one that particularly disliked unauthorised accesses on
    >> port 37
    >> and deliberately served an incorrect time to such clients to try and
    >> dissuade them. Subsequently it selected a server that wasn't so
    >> aggressive
    >> in defending itself against port 37 attacks.

    >
    > What makes you choose to call it an attack?
    >
    > Regards
    >
    > Jon


    Jon, please be a little more careful with your quoting. David Wolley
    wrote the remarks to which you responded, but you left my name (David J
    Taylor) in your quoted text as well.

    Thanks,
    David



  13. Re: Problem with date since a few hours

    "David J Taylor" writes:

    > Jon KÃ¥re Hellan wrote:
    > > david@djwhome.demon.co.uk (David Woolley) writes:
    > >
    > >> In article ,
    > >> David J Taylor
    > >> wrote:
    > >> Almost certainly what happened is that the random selection of
    > >> servers
    > >> selected one that particularly disliked unauthorised accesses on
    > >> port 37
    > >> and deliberately served an incorrect time to such clients to try and
    > >> dissuade them. Subsequently it selected a server that wasn't so
    > >> aggressive
    > >> in defending itself against port 37 attacks.

    > >
    > > What makes you choose to call it an attack?
    > >
    > > Regards
    > >
    > > Jon

    >
    > Jon, please be a little more careful with your quoting. David Wolley
    > wrote the remarks to which you responded, but you left my name (David J
    > Taylor) in your quoted text as well.
    >
    > Thanks,
    > David


    My apologies

    Jon

  14. Re: Problem with date since a few hours

    Jon Kåre Hellan wrote:
    > "David J Taylor"
    > writes:

    []
    >> Jon, please be a little more careful with your quoting. David Wolley
    >> wrote the remarks to which you responded, but you left my name
    >> (David J Taylor) in your quoted text as well.
    >>
    >> Thanks,
    >> David

    >
    > My apologies
    >
    > Jon


    Thank, Jon.

    ... and yes, one of us probably shouldn't be called David. I know people
    call me lots of other names!



    Cheers,
    David



  15. Re: Problem with date since a few hours

    Fabrice writes:

    > Hi all,
    >
    > It seems that I get 1st january 2000 as a date from pool.ntp.org, using
    > command
    >
    > /usr/sbin/netdate tcp pool.ntp.org


    If the code does check validity of time like this, don't be surprised:

    memcpy((void *)&tim, buf, sizeof tim);
    rem_time = (unsigned long)ntohl(tim) - EPOCH_DEVIATION;
    time(&tim);

    I think back in 1993 I realized that NetWare 3.11 doesn't serve that protocol
    correctly (with a similar result than yours)...

    Let me quote http://en.wikipedia.org/wiki/TIME_protocol maybe:

    ``TIME protocol
    From Wikipedia, the free encyclopedia
    Jump to: navigation, search

    The TIME service is an Internet protocol defined in RFC 868. Its purpose is to
    provide a site-independent, machine readable date and time.

    TIME can operate over either TCP or UDP. When operating over TCP, a host
    connects to a server that supports the TIME protocol on TCP port 37. The
    server then sends the time as 32-bit binary number in network order
    representing a number of seconds since 00:00 (midnight) 1 January, 1900
    GMT. The host receives the time and closes the connection.

    When operating over UDP, the client sends a (typically empty) datagram to UDP
    port 37. The server responds with a single datagram of length 4 containing the
    time. There is no connection setup or teardown.

    In modern practice, the TIME protocol is completely superseded by the Network
    time protocol (NTP).''

    Ulrich

    >
    > Has anyone noticed anything?
    >
    > Fabrice


+ Reply to Thread