ZoneAlarm - letting my computer clock contact the TimeServer

On Thu, 24 Mar 2005 08:02:36 -0600, Clark <> wrote:

>I need a bit of help here.
>
>My computer clock is not keeping time accurately, so I'd like for it
>to contact the Internet timeserver frequently.
>
>ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
>deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
>turn on MS's firewall, the time still gets reset. So, it's just ZA
>only.
>
>How can I tell ZA to let the clock contact the timeserver?
>
>Thanks for any help here. I tried to ask the question on the
>Zonelabs website, but funny thing, I kept getting the "Cannot find
>server" error.
>
>Clark


Well, maybe I answered my own question, so possibly someone can tell
me if this method is OK. I determined that the NTP protocol (Port
119) is the one that allows for time synchronization. So, I went to
the ZA control panel, under Main->Custom. There wasn't any NTP port
listed there, so I arbitrarily selected "Allow incoming UDP ports" and
put 119 as the port number. Is that OK? It works, anyway... I
just want to make sure I'm not opening my computer up to folks who
want to get into it.

Now, does anyone know how to force several time syncs per day? I'm
using XP, SP2. This computer clock is really bad and needs frequent
re-setting.

Thanks!

Clark

I need a bit of help here.

My computer clock is not keeping time accurately, so I'd like for it
to contact the Internet timeserver frequently.

ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
turn on MS's firewall, the time still gets reset. So, it's just ZA
only.

How can I tell ZA to let the clock contact the timeserver?

Thanks for any help here. I tried to ask the question on the
Zonelabs website, but funny thing, I kept getting the "Cannot find
server" error.

Clark

Clark

"Clark" <> wrote in message
news:...
> On Thu, 24 Mar 2005 08:02:36 -0600, Clark <>
> wrote:
>
> Well, maybe I answered my own question, so possibly someone can
> tell
> me if this method is OK. I determined that the NTP protocol
> (Port
> 119) is the one that allows for time synchronization. So, I
> went to
> the ZA control panel, under Main->Custom. There wasn't any NTP
> port
> listed there, so I arbitrarily selected "Allow incoming UDP
> ports" and
> put 119 as the port number. Is that OK? It works, anyway...
> I
> just want to make sure I'm not opening my computer up to folks
> who
> want to get into it.
>
> Now, does anyone know how to force several time syncs per day?
> I'm
> using XP, SP2. This computer clock is really bad and needs
> frequent
> re-setting.
>

Try Atomic Clock Sync, automatically syncs the time when windows
starts and you have a tray icon that lets you update at any time,
but no scheduled update facility. ZA will prompt you to allow or
deny the Atomic Clock Sync app access to the net, no need for
manual configuration.
http://www.worldtimeserver.com/atomic-clock/

--
Ian

Apollo

Clark wrote:
> On Thu, 24 Mar 2005 08:02:36 -0600, Clark <> wrote:
>
>
>>I need a bit of help here.
>>
>>My computer clock is not keeping time accurately, so I'd like for it
>>to contact the Internet timeserver frequently.
>>
>>ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
>>deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
>>turn on MS's firewall, the time still gets reset. So, it's just ZA
>>only.
>>
>>How can I tell ZA to let the clock contact the timeserver?
>>
>>Thanks for any help here. I tried to ask the question on the
>>Zonelabs website, but funny thing, I kept getting the "Cannot find
>>server" error.
>>
>>Clark
>
>
>
> Well, maybe I answered my own question, so possibly someone can tell
> me if this method is OK. I determined that the NTP protocol (Port
> 119) is the one that allows for time synchronization. So, I went to
> the ZA control panel, under Main->Custom. There wasn't any NTP port
> listed there, so I arbitrarily selected "Allow incoming UDP ports" and
> put 119 as the port number. Is that OK? It works, anyway... I
> just want to make sure I'm not opening my computer up to folks who
> want to get into it.
>
> Now, does anyone know how to force several time syncs per day? I'm
> using XP, SP2. This computer clock is really bad and needs frequent
> re-setting.
>
> Thanks!
>
>
I'd be inclined to take a look at Net Time

http://nettime.sourceforge.net/

never had a problem with it, even with zonealarm

Martin

On Thu, 24 Mar 2005 08:02:36 -0600, Clark <> wrote:

>I need a bit of help here.
>
>My computer clock is not keeping time accurately, so I'd like for it
>to contact the Internet timeserver frequently.
>
>ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
>deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
>turn on MS's firewall, the time still gets reset. So, it's just ZA
>only.
>
>How can I tell ZA to let the clock contact the timeserver?
>
>Thanks for any help here. I tried to ask the question on the
>Zonelabs website, but funny thing, I kept getting the "Cannot find
>server" error.
>
>Clark

There isn't really an entity called 'the internet time server'
but there are a number of timer servers offered free on
the Internet which provide the facility to set your PC
clock accuratly enough.

There are a number of time clients which request time from
servers, with the most common protocol being SNTP
using port 123 not to be confused with Port 119 which is
NNTP the news server port.

There is also daytime which uses port 37 which is less
precise but adequate for most uses and 13 which may
provide time in a human readable form and 525

Windows 2000 implements the Windows Time service
(or W32Time). so that a network of W2K (or XP) machines
can be easily synchronised. This uses port 123.

Personally I use Dimension4 from Thinking Man Software
which is freeware and works fine with ZA

http://www.thinkman.com

Also tried aboutime from

http://www.arachnoid.com/abouttime/

which provides servers that seem a bit quirky
but is otherwise an good product

and also a freeware client from Analogx

http://www.analogx.com/contents/down...etwork/ats.htm

But I found problems with this repeatedly talking to my
time server and suspect it has a but, which is a pity as its
otherwise excellent.

What you also need to be aware of is that there are a number
of 'time synchronisers' containing spyware and anything adverrtised
in pop ups is likely to be scumware.
--
Jim Watt
http://www.gibnet.com

Jim Watt

In article <>, Clark wrote:

>Well, maybe I answered my own question, so possibly someone can tell
>me if this method is OK. I determined that the NTP protocol (Port
>119) is the one that allows for time synchronization.

[compton ~]$ grep -w 119 rfcs/port-numbers
nntp 119/tcp Network News Transfer Protocol
nntp 119/udp Network News Transfer Protocol
[compton ~]$

Guess again. You want a time port, not a news port.

>There wasn't any NTP port listed there, so I arbitrarily selected "Allow
>incoming UDP ports" and put 119 as the port number. Is that OK? It
>works, anyway... I just want to make sure I'm not opening my computer up
>to folks who want to get into it.

[compton ~]$ grep -Ew "(13|37|123)" rfcs/port-numbers
daytime 13/tcp Daytime (RFC 867)
daytime 13/udp Daytime (RFC 867)
time 37/tcp Time (RFC 86
time 37/udp Time (RFC 86
ntp 123/tcp Network Time Protocol
ntp 123/udp Network Time Protocol
[compton ~]$

I suspect you've got things mightily screwed up. You almost certainly want
port 123, not 119. Ports 13 and 37 are much less commonly used. However,
the way to find out is to use the logging mechanism of your toy firewall.
Set it to block everything, and to log every packet. Then try to do a time
sync, and see what ports your system wants to use. NTP (RFC 1305) and SNTP
(RFC 2030) both use UDP port 123 as source and destination. Obviously, you
also need >1024/udp to 53/udp on your ISPs name servers to resolve the
address. Once you have determined the ports needed, turn off the logging
to prevent wasted disk space. If your firewall is blocking the 87 bazillion
connection attempts per hour, you really don't need to know that some system
in Kenya or Korea attempted to connect to a trojan you don't have installed.

>Now, does anyone know how to force several time syncs per day? I'm
>using XP, SP2. This computer clock is really bad and needs frequent
>re-setting.

Standard computer clock oscillators should be good to +/- 100 ppm, or
about 9 seconds a day.

Old guy

Moe Trin

Thanks for all the advice. I ended up installing Dimension 4 and
keeping ZA active. I also reset ZA back to the defaults on the Ports,
so the only thing different now is that I have another app running in
the background, synching the time every 15 minutes.

Clark



On Thu, 24 Mar 2005 07:45:39 -0600, Clark <> wrote:

>On Thu, 24 Mar 2005 08:02:36 -0600, Clark <> wrote:
>
>>I need a bit of help here.
>>
>>My computer clock is not keeping time accurately, so I'd like for it
>>to contact the Internet timeserver frequently.
>>
>>ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
>>deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
>>turn on MS's firewall, the time still gets reset. So, it's just ZA
>>only.
>>
>>How can I tell ZA to let the clock contact the timeserver?
>>
>>Thanks for any help here. I tried to ask the question on the
>>Zonelabs website, but funny thing, I kept getting the "Cannot find
>>server" error.
>>
>>Clark
>
>
>Well, maybe I answered my own question, so possibly someone can tell
>me if this method is OK. I determined that the NTP protocol (Port
>119) is the one that allows for time synchronization. So, I went to
>the ZA control panel, under Main->Custom. There wasn't any NTP port
>listed there, so I arbitrarily selected "Allow incoming UDP ports" and
>put 119 as the port number. Is that OK? It works, anyway... I
>just want to make sure I'm not opening my computer up to folks who
>want to get into it.
>
>Now, does anyone know how to force several time syncs per day? I'm
>using XP, SP2. This computer clock is really bad and needs frequent
>re-setting.
>
>Thanks!
>

Clark

After opening the port, go to some of the firewall test sites, and have your
machine probed to see if it is still safe. You only want to allow the one
port to be opened for the time set software.

If you contact the author of the time set software, I am sure they may have
a suggestion.

If you are using a router on your system, it may have a hardware firewall.
Many of the high speed modems also have a firewall buit in. In this case you
do not need a software firewall on top. Software firewalls are heavy on
resources, and dramaticaly slow down the computer.

The best type of firewall is a hardware one. It is external to the operating
system, and is the safest.

--


Greetings,

Jerry G.
============

"Clark" <> wrote in message
news:...
> On Thu, 24 Mar 2005 08:02:36 -0600, Clark <> wrote:
>
> >I need a bit of help here.
> >
> >My computer clock is not keeping time accurately, so I'd like for it
> >to contact the Internet timeserver frequently.
> >
> >ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
> >deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
> >turn on MS's firewall, the time still gets reset. So, it's just ZA
> >only.
> >
> >How can I tell ZA to let the clock contact the timeserver?
> >
> >Thanks for any help here. I tried to ask the question on the
> >Zonelabs website, but funny thing, I kept getting the "Cannot find
> >server" error.
> >
> >Clark
>
>
> Well, maybe I answered my own question, so possibly someone can tell
> me if this method is OK. I determined that the NTP protocol (Port
> 119) is the one that allows for time synchronization. So, I went to
> the ZA control panel, under Main->Custom. There wasn't any NTP port
> listed there, so I arbitrarily selected "Allow incoming UDP ports" and
> put 119 as the port number. Is that OK? It works, anyway... I
> just want to make sure I'm not opening my computer up to folks who
> want to get into it.
>
> Now, does anyone know how to force several time syncs per day? I'm
> using XP, SP2. This computer clock is really bad and needs frequent
> re-setting.
>
> Thanks!
>
>

Jerry G.