ZoneAlarm - letting my computer clock contact the TimeServer

Discussion in 'Computer Security' started by Clark, Mar 24, 2005.

  1. Clark

    Clark Guest

    Well, maybe I answered my own question, so possibly someone can tell
    me if this method is OK. I determined that the NTP protocol (Port
    119) is the one that allows for time synchronization. So, I went to
    the ZA control panel, under Main->Custom. There wasn't any NTP port
    listed there, so I arbitrarily selected "Allow incoming UDP ports" and
    put 119 as the port number. Is that OK? It works, anyway... I
    just want to make sure I'm not opening my computer up to folks who
    want to get into it.

    Now, does anyone know how to force several time syncs per day? I'm
    using XP, SP2. This computer clock is really bad and needs frequent

    Clark, Mar 24, 2005

  2. Clark

    Clark Guest

    I need a bit of help here.

    My computer clock is not keeping time accurately, so I'd like for it
    to contact the Internet timeserver frequently.

    ZoneAlarm 5.5 keeps the clock from accessing the timeserver. If I
    deactivate ZA, the time gets reset properly. Or if I deactivate ZA and
    turn on MS's firewall, the time still gets reset. So, it's just ZA

    How can I tell ZA to let the clock contact the timeserver?

    Thanks for any help here. I tried to ask the question on the
    Zonelabs website, but funny thing, I kept getting the "Cannot find
    server" error.

    Clark, Mar 24, 2005

  3. Clark

    Apollo Guest

    Try Atomic Clock Sync, automatically syncs the time when Windows
    starts and you have a tray icon that lets you update at any time,
    but no scheduled update facility. ZA will prompt you to allow or
    deny the Atomic Clock Sync app access to the net, no need for
    manual configuration.
    Apollo, Mar 24, 2005
  4. Clark

    Martin Guest

    I'd be inclined to take a look at Net Time

    never had a problem with it, even with zonealarm :)
    Martin, Mar 24, 2005
  5. Clark

    Jim Watt Guest

    There isn't really an entity called 'the internet time server'
    but there are a number of time servers offered free on
    the Internet which provide the facility to set your PC
    clock accurately enough.

    There are a number of time clients which request time from
    servers, with the most common protocol being SNTP
    using port 123 not to be confused with Port 119 which is
    NNTP the news server port.

    There is also daytime which uses port 37 which is less
    precise but adequate for most uses and 13 which may
    provide time in a human readable form and 525

    Windows 2000 implements the Windows Time service
    (or W32Time) so that a network of W2K (or XP) machines
    can be easily synchronised. This uses port 123.

    Personally I use Dimension4 from Thinking Man Software
    which is freeware and works fine with ZA

    Also tried aboutime from

    which provides servers that seem a bit quirky
    but is otherwise a good product

    and also a freeware client from Analogx

    But I found problems with this repeatedly talking to my
    time server and suspect it has a bug, which is a pity as it's
    otherwise excellent.

    What you also need to be aware of is that there are a number
    of 'time synchronisers' containing spyware and anything advertised
    in pop ups is likely to be scumware.
    Jim Watt, Mar 24, 2005
  6. Clark

    Moe Trin Guest

    [compton ~]$ grep -w 119 rfcs/port-numbers
    nntp 119/tcp Network News Transfer Protocol
    nntp 119/udp Network News Transfer Protocol
    [compton ~]$

    Guess again. You want a time port, not a news port.
    [compton ~]$ grep -Ew "(13|37|123)" rfcs/port-numbers
    daytime 13/tcp Daytime (RFC 867)
    daytime 13/udp Daytime (RFC 867)
    time 37/tcp Time (RFC 868)
    time 37/udp Time (RFC 868)
    ntp 123/tcp Network Time Protocol
    ntp 123/udp Network Time Protocol
    [compton ~]$

    I suspect you've got things mightily screwed up. You almost certainly want
    port 123, not 119. Ports 13 and 37 are much less commonly used. However,
    the way to find out is to use the logging mechanism of your toy firewall.
    Set it to block everything, and to log every packet. Then try to do a time
    sync, and see what ports your system wants to use. NTP (RFC 1305) and SNTP
    (RFC 2030) both use UDP port 123 as source and destination. Obviously, you
    also need >1024/udp to 53/udp on your ISP's name servers to resolve the
    address. Once you have determined the ports needed, turn off the logging
    to prevent wasted disk space. If your firewall is blocking the 87 bazillion
    connection attempts per hour, you really don't need to know that some system
    in Kenya or Korea attempted to connect to a trojan you don't have installed.
    Standard computer clock oscillators should be good to +/- 100 ppm, or
    about 9 seconds a day.

    Old guy
    Moe Trin, Mar 25, 2005
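
The block-and-log procedure described in the post above, as an added example that is not part of the original thread: it reads a block-all firewall log, lists the flows the time sync actually attempted, and checks whether an existing rule such as "incoming UDP 119" matches any of them. The log format, the rule notation and all addresses are constructed for illustration and are not ZoneAlarm's own.

```python
import re
from collections import Counter

# Port names as in the port-numbers output quoted in the thread, plus DNS (53).
SERVICES = {13: "daytime", 37: "time", 53: "domain", 119: "nntp", 123: "ntp"}

# Constructed block-all log in a made-up format (not ZoneAlarm's own).
SAMPLE_LOG = """\
2005-03-25 09:00:01 BLOCK OUT UDP 192.168.1.10:1041 -> 203.0.113.53:53
2005-03-25 09:00:01 BLOCK OUT UDP 192.168.1.10:123 -> 198.51.100.7:123
2005-03-25 09:00:03 BLOCK OUT UDP 192.168.1.10:123 -> 198.51.100.7:123
2005-03-25 09:00:09 BLOCK IN TCP 192.0.2.66:4312 -> 192.168.1.10:135
2005-03-25 09:00:12 BLOCK IN UDP 192.0.2.80:1026 -> 192.168.1.10:1434
"""

LINE = re.compile(
    r"^\S+ \S+ BLOCK (IN|OUT) (TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def blocked_flows(log_text):
    """Count blocked packets per (direction, protocol, remote IP, destination port)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a block record
        direction, proto, src, _sport, dst, dport = m.groups()
        remote = dst if direction == "OUT" else src
        flows[(direction, proto, remote, int(dport))] += 1
    return flows

def suggest_rules(flows, wanted=("ntp", "domain")):
    """Propose allow rules only for outbound flows to the wanted services."""
    rules = []
    for (direction, proto, remote, port), _count in sorted(flows.items()):
        name = SERVICES.get(port)
        if direction == "OUT" and name in wanted:
            rules.append(f"allow out {proto} to {remote} port {port} ({name})")
    return rules

def rule_is_used(flows, direction, proto, port):
    """True if any logged flow would match a rule like ('IN', 'UDP', 119)."""
    return any(k[0] == direction and k[1] == proto and k[3] == port for k in flows)

if __name__ == "__main__":
    for rule in suggest_rules(blocked_flows(SAMPLE_LOG)):
        print(rule)
```

Both proposed rules are outbound; a firewall that tracks state admits the replies, so no incoming port has to be opened for the sync.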
  7. Clark

    Clark Guest

    Thanks for all the advice. I ended up installing Dimension 4 and
    keeping ZA active. I also reset ZA back to the defaults on the Ports,
    so the only thing different now is that I have another app running in
    the background, synching the time every 15 minutes.

    Clark, Mar 25, 2005
  8. Clark

    Jerry G. Guest

    After opening the port, go to some of the firewall test sites, and have your
    machine probed to see if it is still safe. You only want to allow the one
    port to be opened for the time set software.

    If you contact the author of the time set software, I am sure they may have
    a suggestion.

    If you are using a router on your system, it may have a hardware firewall.
    Many of the high speed modems also have a firewall built in. In this case you
    do not need a software firewall on top. Software firewalls are heavy on
    resources, and dramatically slow down the computer.

    The best type of firewall is a hardware one. It is external to the operating
    system, and is the safest.



    Jerry G.
    Jerry G., Mar 25, 2005