Question about "daytime"

[Capps]

Is there some reason that my Windows 2000 clients would
be needing to talk to www.us.microsoft.com on TCP port 13
(Daytime) ? Or, should I be blocking this at the firewall ?

Thanks,
Don Capps

[Lance Delacroix]

On Tue, 12 Aug 2003 17:35:20 GMT, "Capps" <capps@iozone.org>
prounounced a fatwah thus:

>
> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?

You should block everything that you do not WANT. If you ****
something up in the OS, that will become apparent and you can undo
whatever you did.

>
>Thanks,
>Don Capps
>

[CA was in NJ]

Capps wrote:

> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?

It's setting the clock.

http://www.faqs.org/rfcs/rfc867.html

[Capps]

I was aware of the meaning of Daytime and its normal
usage. The question is, why does my Windoze boxen try to get
time from Microsoft ? I certainly didn't turn on any feature
that requested time sync from Microsoft, and have been
unable to find any way to disable this persistent connection.
(Short of blocking it at the firewall)

Is this some new feature of Windows 2000 ?

I don't see any new process/task running that would seem to
be related to getting the time of day.

TCPview indicates that the process is "System:8", this
would seem be something buried in the Windows system.

There appear to be two possibilities.
1. This is a new feature inside of Windows 2000 and it
is not optional, or configurable.
2. This is something else that is conversing with Microsoft
over TCP port 13.

Until I can figure out which of the above is true, I guess that
I'll just block TCP destination port 13 (Daytime).

or,

Unblock it, and monitor with Ethereal. See what data is
actually being transferred. :-)

Thanks,
Don Capps



"CA was in NJ"
<cainnj.cjb.net@cainnj.REVERSE_TO_REPLY__SPAMMERS_ SHOT_ON_SIGHT> wrote in
message news:IIucnRA27_bYoqaiU-KYgg@giganews.com...
> Capps wrote:
>
> > Is there some reason that my Windows 2000 clients would
> > be needing to talk to www.us.microsoft.com on TCP port 13
> > (Daytime) ? Or, should I be blocking this at the firewall ?
>
> It's setting the clock.
>
> http://www.faqs.org/rfcs/rfc867.html
>

[mto]

"Capps" <capps@iozone.org> wrote in message
news:6LQ_a.8343$CN.1430@nwrddc03.gnilink.net...
> I was aware of the meaning of Daytime and its normal
> usage. The question is, why does my Windoze boxen try to get
> time from Microsoft ? I certainly didn't turn on any feature
> that requested time sync from Microsoft, and have been
> unable to find any way to disable this persistent connection.
<SNIP>
Have you not noticed that invariably MS products come with all features
turned on by default leaving the user to figure out what to turn off? And
that they never give you the first clue what something might be doing? Or
that even if you do something like set scripts to "prompt" IE will tell you
"Most scripts are safe to run. Do you want to run scripts?"

Don't know about NT 2000 but XP checks the time of the system clock about
weekly. Gives two choices - microsoft and the national clock. Right click
on the time in your mainscreen toolbar while online. Click on the top tab
that says Internet. Choose which time source you want to use.

[Capps]

Mto,

I guess your suggestion works for WinXP, however in
Winblows 2k, there is no tab that says Internet related
to the clock :-( Guess they thought that it was un-needed :-(

Thanks,
Don Capps

"mto" <nobody@dontsendmeanyspam.thanks> wrote in message
news:elednT4lx6WrUaGiU-KYvA@seg.net...
>
> "Capps" <capps@iozone.org> wrote in message
> news:6LQ_a.8343$CN.1430@nwrddc03.gnilink.net...
> > I was aware of the meaning of Daytime and its normal
> > usage. The question is, why does my Windoze boxen try to get
> > time from Microsoft ? I certainly didn't turn on any feature
> > that requested time sync from Microsoft, and have been
> > unable to find any way to disable this persistent connection.
> <SNIP>
> Have you not noticed that invariably MS products come with all features
> turned on by default leaving the user to figure out what to turn off? And
> that they never give you the first clue what something might be doing? Or
> that even if you do something like set scripts to "prompt" IE will tell
you
> "Most scripts are safe to run. Do you want to run scripts?"
>
> Don't know about NT 2000 but XP checks the time of the system clock about
> weekly. Gives two choices - microsoft and the national clock. Right
click
> on the time in your mainscreen toolbar while online. Click on the top tab
> that says Internet. Choose which time source you want to use.
>
>

[Jay T. Blocksom]

On Tue, 12 Aug 2003 17:35:20 GMT, in <alt.privacy.spyware>, "Capps"
<capps@iozone.org> wrote:
>
> Is there some reason that my Windows 2000 clients would
> be needing to talk to www.us.microsoft.com on TCP port 13
> (Daytime) ? Or, should I be blocking this at the firewall ?
>
[snip]

You should be blocking EVERYTHING that you do not have a specific reason to
*not* block. In the case of Port 13, unless you use the (outdated, and
rather useless compared to NTP) "Daytime" service, there is no reason to
permit any traffic on that port. (And even if you do, allow it only to the
host/IP that YOU decide to get the time hack from).

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Capps]

The saga continues....

Ok... I set the firewall to reject TCP port 13 requests from
my clients (on the private lan). The Winblows 2k box that was
generating these requests was over a 802.11g connection. (wireless)

Hmmm... that was a bad idea. The Winblows 2k box didn't care
much for the rejects. It went wild sending TCP port 13 requests
to one host after another. Very rapidly rotating across hosts. This
created a heavy load on the Wireless net. So.. Since there
appears to be no way to disable this on the client, I changed
the firewall to just drop any TCP port 13 requests coming from
clients on the private lan. This seems to have slowed the Winblows 2k
box down to only making requests every few seconds.

The traffic on the wireless net is now back to a reasonable level, and
the client has been upgraded to use TCP 123 (SNTP) to a server
that is more reasonable. I can't stop the client from sending the
TCP port 13 requests, but the level of pain is now tolerable, and
it will not be maintaining a connection with M$.

Thanks,
Don Capps


"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:mneojv85ip77sh9dn345g35q36i3l128vj@news.rcn.c om...
> On Tue, 12 Aug 2003 17:35:20 GMT, in <alt.privacy.spyware>, "Capps"
> <capps@iozone.org> wrote:
> >
> > Is there some reason that my Windows 2000 clients would
> > be needing to talk to www.us.microsoft.com on TCP port 13
> > (Daytime) ? Or, should I be blocking this at the firewall ?
> >
> [snip]
>
> You should be blocking EVERYTHING that you do not have a specific reason
to
> *not* block. In the case of Port 13, unless you use the (outdated, and
> rather useless compared to NTP) "Daytime" service, there is no reason to
> permit any traffic on that port. (And even if you do, allow it only to
the
> host/IP that YOU decide to get the time hack from).
>
> --
>
> Jay T. Blocksom
> --------------------------------
> Appropriate Technology, Inc.
> usenet01[at]appropriate-tech.net
>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to
mail.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> Unsolicited advertising sent to this E-Mail address is expressly
prohibited
> under USC Title 47, Section 227. Violators are subject to charge of up to
> $1,500 per incident or treble actual costs, whichever is greater.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

[Jay T. Blocksom]

On Fri, 15 Aug 2003 19:19:40 GMT, in <alt.privacy.spyware>, "Capps"
<capps@iozone.org> wrote:
>
> The saga continues....
>
> Ok... I set the firewall to reject TCP port 13 requests from
> my clients (on the private lan). The Winblows 2k box that was
> generating these requests was over a 802.11g connection. (wireless)
>
> Hmmm... that was a bad idea. The Winblows 2k box didn't care
> much for the rejects. It went wild sending TCP port 13 requests
> to one host after another. Very rapidly rotating across hosts. This
> created a heavy load on the Wireless net.
[snip]

This just doesn't sound right. Are you *sure* you haven't picked up a
parasite of some sort? Whatever it is, it is *very* badly behaved.

Also, perchance is that Win2K box the Terminal Services Edition, or running
the Terminal Services module? That's about the only thing (besides
"Daytime") that came up on a Google search on "Windows 2000" and either
"Port 13" or "TCP 13" -- tho' some of the hits those searches produced may
be of general interest to you.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Jay T. Blocksom]

On Fri, 15 Aug 2003 08:04:01 -0400, in <alt.privacy.spyware>, "mto"
<nobody@dontsendmeanyspam.thanks> wrote:
>
[snip]
>
> Don't know about NT 2000 but XP checks the time of the system clock about
> weekly. Gives two choices - microsoft and the national clock.
[snip]

But surely, it doesn't use the stone-age "Daytime" service for this.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -