Is there some reason that my Windows 2000 clients would
be needing to talk to www.us.microsoft.com on TCP port 13
(Daytime) ? Or, should I be blocking this at the firewall ?
Thanks,
Don Capps
Is there some reason that my Windows 2000 clients would
be needing to talk to www.us.microsoft.com on TCP port 13
(Daytime) ? Or, should I be blocking this at the firewall ?
Thanks,
Don Capps
On Tue, 12 Aug 2003 17:35:20 GMT, "Capps" <capps@iozone.org>
prounounced a fatwah thus:
>
> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?
You should block everything that you do not WANT. If you ****
something up in the OS, that will become apparent and you can undo
whatever you did.
>
>Thanks,
>Don Capps
>
Capps wrote:
> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?
It's setting the clock.
http://www.faqs.org/rfcs/rfc867.html
I was aware of the meaning of Daytime and its normal
usage. The question is, why does my Windoze boxen try to get
time from Microsoft ? I certainly didn't turn on any feature
that requested time sync from Microsoft, and have been
unable to find any way to disable this persistent connection.
(Short of blocking it at the firewall)
Is this some new feature of Windows 2000 ?
I don't see any new process/task running that would seem to
be related to getting the time of day.
TCPview indicates that the process is "System:8", this
would seem be something buried in the Windows system.
There appear to be two possibilities.
1. This is a new feature inside of Windows 2000 and it
is not optional, or configurable.
2. This is something else that is conversing with Microsoft
over TCP port 13.
Until I can figure out which of the above is true, I guess that
I'll just block TCP destination port 13 (Daytime).
or,
Unblock it, and monitor with Ethereal. See what data is
actually being transferred. :-)
Thanks,
Don Capps
"CA was in NJ"
<cainnj.cjb.net@cainnj.REVERSE_TO_REPLY__SPAMMERS_ SHOT_ON_SIGHT> wrote in
message news:IIucnRA27_bYoqaiU-KYgg@giganews.com...
> Capps wrote:
>
> > Is there some reason that my Windows 2000 clients would
> > be needing to talk to www.us.microsoft.com on TCP port 13
> > (Daytime) ? Or, should I be blocking this at the firewall ?
>
> It's setting the clock.
>
> http://www.faqs.org/rfcs/rfc867.html
>
"Capps" <capps@iozone.org> wrote in message
news:6LQ_a.8343$CN.1430@nwrddc03.gnilink.net...
> I was aware of the meaning of Daytime and its normal
> usage. The question is, why does my Windoze boxen try to get
> time from Microsoft ? I certainly didn't turn on any feature
> that requested time sync from Microsoft, and have been
> unable to find any way to disable this persistent connection.
<SNIP>
Have you not noticed that invariably MS products come with all features
turned on by default leaving the user to figure out what to turn off? And
that they never give you the first clue what something might be doing? Or
that even if you do something like set scripts to "prompt" IE will tell you
"Most scripts are safe to run. Do you want to run scripts?"
Don't know about NT 2000 but XP checks the time of the system clock about
weekly. Gives two choices - microsoft and the national clock. Right click
on the time in your mainscreen toolbar while online. Click on the top tab
that says Internet. Choose which time source you want to use.
Mto,
I guess your suggestion works for WinXP, however in
Winblows 2k, there is no tab that says Internet related
to the clock :-( Guess they thought that it was un-needed :-(
Thanks,
Don Capps
"mto" <nobody@dontsendmeanyspam.thanks> wrote in message
news:elednT4lx6WrUaGiU-KYvA@seg.net...
>
> "Capps" <capps@iozone.org> wrote in message
> news:6LQ_a.8343$CN.1430@nwrddc03.gnilink.net...
> > I was aware of the meaning of Daytime and its normal
> > usage. The question is, why does my Windoze boxen try to get
> > time from Microsoft ? I certainly didn't turn on any feature
> > that requested time sync from Microsoft, and have been
> > unable to find any way to disable this persistent connection.
> <SNIP>
> Have you not noticed that invariably MS products come with all features
> turned on by default leaving the user to figure out what to turn off? And
> that they never give you the first clue what something might be doing? Or
> that even if you do something like set scripts to "prompt" IE will tell
you
> "Most scripts are safe to run. Do you want to run scripts?"
>
> Don't know about NT 2000 but XP checks the time of the system clock about
> weekly. Gives two choices - microsoft and the national clock. Right
click
> on the time in your mainscreen toolbar while online. Click on the top tab
> that says Internet. Choose which time source you want to use.
>
>
On Fri, 15 Aug 2003 08:04:01 -0400, in <alt.privacy.spyware>, "mto"
<nobody@dontsendmeanyspam.thanks> wrote:
>
[snip]
>
> Don't know about NT 2000 but XP checks the time of the system clock about
> weekly. Gives two choices - microsoft and the national clock.
[snip]
But surely, it doesn't use the stone-age "Daytime" service for this.
--
Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:mk2rjvoljvig4nql4sfanc5f1t4vuukeso@news.rcn.c om...
> On Fri, 15 Aug 2003 08:04:01 -0400, in <alt.privacy.spyware>, "mto"
> <nobody@dontsendmeanyspam.thanks> wrote:
> >
> [snip]
> >
> > Don't know about NT 2000 but XP checks the time of the system clock
about
> > weekly. Gives two choices - microsoft and the national clock.
> [snip]
>
> But surely, it doesn't use the stone-age "Daytime" service for this.
>
> --
No clue what service it uses. Mine is set to time.nist.gov. Just giving
Capps an explanation as to why his machine is constantly trying to fetch the
time from MS.
On Tue, 12 Aug 2003 17:35:20 GMT, in <alt.privacy.spyware>, "Capps"
<capps@iozone.org> wrote:
>
> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?
>
[snip]
You should be blocking EVERYTHING that you do not have a specific reason to
*not* block. In the case of Port 13, unless you use the (outdated, and
rather useless compared to NTP) "Daytime" service, there is no reason to
permit any traffic on that port. (And even if you do, allow it only to the
host/IP that YOU decide to get the time hack from).
--
Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The saga continues....
Ok... I set the firewall to reject TCP port 13 requests from
my clients (on the private lan). The Winblows 2k box that was
generating these requests was over a 802.11g connection. (wireless)
Hmmm... that was a bad idea. The Winblows 2k box didn't care
much for the rejects. It went wild sending TCP port 13 requests
to one host after another. Very rapidly rotating across hosts. This
created a heavy load on the Wireless net. So.. Since there
appears to be no way to disable this on the client, I changed
the firewall to just drop any TCP port 13 requests coming from
clients on the private lan. This seems to have slowed the Winblows 2k
box down to only making requests every few seconds.
The traffic on the wireless net is now back to a reasonable level, and
the client has been upgraded to use TCP 123 (SNTP) to a server
that is more reasonable. I can't stop the client from sending the
TCP port 13 requests, but the level of pain is now tolerable, and
it will not be maintaining a connection with M$.
Thanks,
Don Capps
"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:mneojv85ip77sh9dn345g35q36i3l128vj@news.rcn.c om...
> On Tue, 12 Aug 2003 17:35:20 GMT, in <alt.privacy.spyware>, "Capps"
> <capps@iozone.org> wrote:
> >
> > Is there some reason that my Windows 2000 clients would
> > be needing to talk to www.us.microsoft.com on TCP port 13
> > (Daytime) ? Or, should I be blocking this at the firewall ?
> >
> [snip]
>
> You should be blocking EVERYTHING that you do not have a specific reason
to
> *not* block. In the case of Port 13, unless you use the (outdated, and
> rather useless compared to NTP) "Daytime" service, there is no reason to
> permit any traffic on that port. (And even if you do, allow it only to
the
> host/IP that YOU decide to get the time hack from).
>
> --
>
> Jay T. Blocksom
> --------------------------------
> Appropriate Technology, Inc.
> usenet01[at]appropriate-tech.net
>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to
mail.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> Unsolicited advertising sent to this E-Mail address is expressly
prohibited
> under USC Title 47, Section 227. Violators are subject to charge of up to
> $1,500 per incident or treble actual costs, whichever is greater.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote