  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Time Checking & Firewalls

    Probably old hat to all of you, but just in case. Since I'm going through all the re-training of both my firewall and ME, I had forgotten about this one. For the past couple of days, I've gotten notified by Zone Alarm that it had blocked two attempts to contact my computer. Each day, the IP addresses were the same and Whois says they're from Microsoft. This morning it dawned on me that port 123 is for time checking (clock setting). In my case I've solved it by going in to Control Panel and turning off the time checking function (remember, I've got an almost-virgin computer). If that solution isn't right for you, you'll need to tell your firewall to allow the two addresses from Microsoft. See attachment and the second address was 207.46.232.189.

  2. #2
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Time Checking & Firewalls

    Hi Al,
    Must be nice to have a new computer, even if there is some tweaking to start with!

    Some people do use Windows time and some don't; I use it as a convenient service but it is not important, and I know about port 123. Even though I have used ZoneAlarm a long time (since before XP and Windows Time, 7-8 years) I have not fully understood or bothered to figure out how some of this works.

    Your post is interesting, every now and then the time update has failed to connect (automatically or manually started by me) other times it works, I have mostly blamed the Net and went on. But I have also seen that ZA sometimes has blocked connection (via log view). Your post got me to do some tests.

    I turned on informational alerts in ZA (I do turn them off minutes after a new install of ZA); in Date and Time tried to update time. ZA showed alerts that it had blocked two connections (the addresses you mentioned), and Date and Time told me accordingly that it could not update time. Turned off info. alerts and tried again, time update failed, ZA showed blocks in "Alerts & Logs".

    Now this is amazing; I had TcpView running (Sysinternals) and tried once more to update time some minutes later. Now it showed: time sync. time.windows.com etc. It did update! Nothing in the ZA program log, TcpView (at 1 second update speed) did not show any connection ... I found a normal W32Time event in Event viewer.

    Just to try once more, I changed time back around 3 minutes. With ZA Control Center and TcpView on the screen I once more updated the time; it said connecting to time.windows.com and changed the time back. During the "connection" there was quick flash in the lights on the DSL modem, but nothing was shown in TcpView and nothing in ZA Program log (allowed/blocked). Moreover, this time there was no W32Time event in Event viewer. Hmm, did it not connect?

    Some hours later after a reboot I did a test again; changed time 4 minutes back, tried synchronizing time, no activity in TcpView, ZA logged one block: 207.46.232.189:123, but the time was updated on the other address, also shown in Event viewer. Actually I changed 4 min. and 18 seconds back as shown in screen shot ... sorry for not so nice looking cut and paste.

    Hmm, how does this work?

  3. #3
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Time Checking & Firewalls

    Al,
    This is somewhat confusing. Some days later Windows Time did an automatic time synchronizing and it also worked. Now I took a look at the Event viewer, source W32Time, and found that some other time ZA had blocked 207.46.130.100:123 and time was updated from 207.46.232.189:123, the opposite from my above example.

    In ZA I have allowed my "Generic Host Process for Win32 Services" Access to Trusted and Internet and Server to Trusted (that is the default on my install, no Server to Internet).

    Your post is clear on which addresses are used, and maybe depending on what firewall is used one has to add those IP addresses. I assume that was all you wanted to mention, and I have a vague memory that you are among those who earlier have used other software to synchronize time, so this question maybe is not that interesting to you. I have not added any address as trusted so far. I am just curious how this can work sometimes and not at other times.

  4. #4
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Time Checking & Firewalls

    Sorry Argus, I don't know the answer. I do remember that a few years ago when I first installed XP I had a problem with allowing Windows to set the time and I turned it off and went with a third-party freebie which I've been doing ever since. My recollection is that Windows only checks your clock once per week, but it's been a while and I'm not sure. If you want other opinions, hang in there and see if someone else jumps in to this thread.

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Time Checking & Firewalls

    Did your TCPview information show whether this function uses TCP or UDP? In TCP, there is a connection that is kept open, whereas in UDP, there is not. The firewall presumably allows a certain time window for UDP responses, but if the response is outside the window, it could be blocked on the grounds that it appears more like a new incoming packet than a response to your original request.

    This might explain why the results are inconsistent. However, it's just speculation on my part. :-)

  6. #6
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Time Checking & Firewalls

    Al,
    Thanks for reply. Yes, default in Windows is once per week. I suppose one can change that in the registry, but that is not in my interest since once per week is OK. I was just curious since this Windows time thing used the "Generic Host Process for Win32 Services", and I have given access for that program. I will see if I find something.

  7. #7
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Time Checking & Firewalls

    Hi Jefferson,
    When I checked with TcpView running I did not see any activity during time synchronizing. TcpView was set at 1 second update speed (highest), but as I have seen when trying to find which process/service takes CPU time - if the time is really short it can be hard to trace.

    However, I did not think about the protocol until you mentioned it. I think I have heard about this; TCP is kept open. It is UDP; at least it is shown so in TcpView. If there is this "time window", it could explain why sometimes one address gets blocked and other times the other. If it takes longer to get in contact with one address the other will be used, and when packets arrive from the first one it is already too late. But that would not explain the situation when both addresses are blocked; only if both take a long time. Thanks for the information.
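
The reply-window idea raised in posts #5 and #7, as an added example that is not part of the original thread: a minimal stateful UDP filter replayed over a constructed trace of the two time-server addresses. The 2-second window, the packet timings and the local port are assumptions; the thread does not give ZoneAlarm's actual values.

```python
from dataclasses import dataclass

UDP_REPLY_WINDOW = 2.0  # seconds; assumed value, not ZoneAlarm's documented setting

@dataclass(frozen=True)
class Packet:
    t: float          # seconds since the sync request was started
    direction: str    # "out" (request) or "in" (reply)
    local_port: int
    remote_ip: str
    remote_port: int

class UdpStateTable:
    """Inbound UDP is allowed only if it matches an outbound flow that has not expired."""
    def __init__(self, window=UDP_REPLY_WINDOW):
        self.window = window
        self.flows = {}  # (local_port, remote_ip, remote_port) -> expiry time

    def handle(self, pkt):
        key = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            self.flows[key] = pkt.t + self.window   # open or refresh the pseudo-connection
            return "allow"
        expiry = self.flows.get(key)
        if expiry is not None and pkt.t <= expiry:
            return "allow"                          # reply arrived inside the window
        self.flows.pop(key, None)                   # expired or never requested
        return "block"                              # looks like unsolicited inbound traffic

def replay(packets, window=UDP_REPLY_WINDOW):
    table = UdpStateTable(window)
    ordered = sorted(packets, key=lambda p: p.t)
    return [(p.remote_ip, p.direction, table.handle(p)) for p in ordered]

def blocked_sources(packets, window=UDP_REPLY_WINDOW):
    return [ip for ip, d, verdict in replay(packets, window) if d == "in" and verdict == "block"]

# Constructed trace: both servers are queried, one answers quickly, one answers late.
SAMPLE = [
    Packet(0.00, "out", 123, "207.46.232.189", 123),
    Packet(0.00, "out", 123, "207.46.130.100", 123),
    Packet(0.15, "in", 123, "207.46.130.100", 123),
    Packet(2.40, "in", 123, "207.46.232.189", 123),
]

if __name__ == "__main__":
    for row in replay(SAMPLE):
        print(row)
```

With this trace the clock can still be set from the fast reply while the firewall logs a block for the slow one; swapping the two arrival times swaps which address is logged.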

  8. #8
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Time Checking & Firewalls

    FWIW - I have been using Dimension 4 (D4) for many years to keep my systems on time. It is much more flexible than Windows Time Sync and works on all NT based OSs (NT, W2K, and XP). You can set it up as an application loaded at startup, or as a service. It can act as a client on a single PC, and as a time server for your whole network.

    I have used it with no problems with ZoneAlarm, Kerio Personal Firewall, Windows Firewall, and the now defunct Sygate Personal Firewall. I know several folks that use it with NIS with no problems as well. I highly recommend it (just make sure you disable XP's time sync - no harm with both, but no need for two).

    Free for non-commercial use - always a good thing.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!
