Today I saw in some firewall logs a misconfigured interface with martian source lines. So far- so good. But this is a new XPnotebook that contacts with the standard IP of network-adapter 169.x.x.x a page at microsoft time.windows.com not nice. Anybody knows more. Should I block certain MS-Sites with my firewall? Michael
Hi
time.windows.com
This is a default behavior of Windows XP to sync the clock. You can disable it in the time-panel.
M$ claims it to be ntp. You can change the host to your favourite ntp server but so far I've failed to get them to communicate. John
I sync up just fine with clepsydra.dec.com; that's because I specifically pass that host/port combo through my firewall.
-----Original Message----- From: John Trickey [mailto:jtrickey@iee.org] Sent: Sunday, December 16, 2001 4:11 PM To: 'SuSE-Security' Subject: RE: [suse-security] WindowsXP contact it's home ?!
Hi
time.windows.com
This is a default behavior of Windows XP to sync the clock. You can disable it in the time-panel.
M$ claims it to be ntp. You can change the host to your favourite ntp server but so far I've failed to get them to communicate.
John
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Sun, 16 Dec 2001, Eric Brown wrote:
I sync up just fine with clepsydra.dec.com; that's because I specifically pass that host/port combo through my firewall.
-----Original Message----- From: John Trickey [mailto:jtrickey@iee.org] Hi
time.windows.com
This is a default behavior of Windows XP to sync the clock. You can disable it in the time-panel.
M$ claims it to be ntp. You can change the host to your favourite ntp server but so far I've failed to get them to communicate.
John
Just for jollies, I 'syncd' my linux box to time.windows.com. It talked a protocol acceptable to ntpdate, but it skewed my clock 193 seconds back! I immediately re-sync'd with my normal servers. So it appears that when Microsoft actually talks the same language as the rest of the world, they lie to you! -- Rick Green "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
On Sunday 16 December 2001 09:29 pm, Rick Green wrote:
Just for jollies, I 'syncd' my linux box to time.windows.com. It talked a protocol acceptable to ntpdate, but it skewed my clock 193 seconds back!
I immediately re-sync'd with my normal servers.
So it appears that when Microsoft actually talks the same language as the rest of the world, they lie to you!
Thats about as precise as anything else in their software. ;-) -- _________________________________ John Andersen / Juneau Alaska
Hello, XP does have a lot of services that are calling home. Mostly time and auto update services (os an mediaplayer) Take a look at http://www.xp-antispy.de/ (there is a english version too) for more info and for a tool, that disables most services. Michael Appeldorn wrote:
Today I saw in some firewall logs a misconfigured interface with martian source lines.
So far- so good. But this is a new XPnotebook that contacts with the standard IP of network-adapter 169.x.x.x a page at microsoft
time.windows.com
not nice. Anybody knows more. Should I block certain MS-Sites with my firewall?
Michael
-- aixigo AG - financial training, research and technology Schloß-Rahe-Straße 15, 52072 Aachen, Germany fon: +49 (0)241 936737-70, fax: +49 (0)241 936737-99 eMail: Zoran.Cvetkovic@aixigo.de, web: http://www.aixigo.de
* Michael Appeldorn wrote on Sat, Dec 15, 2001 at 11:03 +0100:
Should I block certain MS-Sites with my firewall?
Yes, and search a tool that protects you from that "features". Well, maybe there is a list of such hosts that should be blocked - does anyone have one? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
On Sat, 15 Dec 2001, Michael Appeldorn wrote:
Today I saw in some firewall logs a misconfigured interface with martian source lines.
So far- so good. But this is a new XPnotebook that contacts with the standard IP of network-adapter 169.x.x.x a page at microsoft
time.windows.com
not nice. Anybody knows more. Should I block certain MS-Sites with my firewall?
If you consistently prevent XP from contacting Microsoft, it will quit working after sixty days. I think this particular call is just setting the system time, but the license code also depends on servers at Microsoft. Bear
Geez, the paranoia here is *rampant*. It's a fricking NTP service. Put something else in there, if you want. I have my XP machines set to contact my Linux machine. Personally, I think that Microsoft is being incredibly nice by providing an NTP server that can withstand several million service requests per hour.
-----Original Message----- From: Ray Dillinger [mailto:bear@sonic.net] Sent: Friday, December 14, 2001 9:10 AM To: Michael Appeldorn Cc: suse-security@suse.com Subject: Re: [suse-security] WindowsXP contact it's home ?!
On Sat, 15 Dec 2001, Michael Appeldorn wrote:
Today I saw in some firewall logs a misconfigured interface with martian source lines.
So far- so good. But this is a new XPnotebook that contacts with the standard IP of network-adapter 169.x.x.x a page at microsoft
time.windows.com
not nice. Anybody knows more. Should I block certain MS-Sites with my firewall?
If you consistently prevent XP from contacting Microsoft, it will quit working after sixty days. I think this particular call is just setting the system time, but the license code also depends on servers at Microsoft.
Bear
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, nice or not, I rather decide myself when my machiens contanct what service. And if somene else makes these kind of decisions for me I prefer being at least asked if it is OK. One problem with Mircrosoft is that they 'assume' the user doesn't want/need to know about such things like a time service - I disagre strongly. Erwin --- Eric Brown wrote:
Geez, the paranoia here is *rampant*. It's a fricking NTP service. Put something else in there, if you want. I have my XP machines set to contact my Linux machine.
Personally, I think that Microsoft is being incredibly nice by providing an NTP server that can withstand several million service requests per hour.
[....] -- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
So that's why you don't run SuSE Linux, or Mandrake, or RedHat, eh? All three of these systems install ntpdate by default. Furthermore, Windows XP displays the internet time service tab right where I'd expect to find it - on the time and date control, and (god forbid) actually *makes you look* at the time and date control on installation. Sigh. I really don't know why I even bother discussing this - you're mind is obviously made up - Microsoft can do no right, and Linux can do no wrong.
-----Original Message----- From: Erwin Zierler - stubainet.at [mailto:erwin.zierler@stubainet.at] Sent: Saturday, December 15, 2001 11:16 PM To: suse-security@suse.com Subject: Re: [suse-security] WindowsXP contact it's home ?!
Hi, nice or not, I rather decide myself when my machiens contanct what service. And if somene else makes these kind of decisions for me I prefer being at least asked if it is OK. One problem with Mircrosoft is that they 'assume' the user doesn't want/need to know about such things like a time service - I disagre strongly.
Erwin
--- Eric Brown wrote:
Geez, the paranoia here is *rampant*. It's a fricking NTP service. Put something else in there, if you want. I have my XP machines set to contact my Linux machine.
Personally, I think that Microsoft is being incredibly nice by providing an NTP server that can withstand several million service requests per hour.
[....] -- Erwin Zierler | web- / host- / postmaster - stubainet.at | erwin.zierler@stubainet.at / webmaster@stubainet.at | Tel.: 0 5225 - 64325 Fax 99 Mobil: 0664 - 130 67 91
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi, On 16 Dec 2001 at 16:31, Eric Brown wrote:
I really don't know why I even bother discussing this - you're mind is obviously made up - Microsoft can do no right, and Linux can do no wrong.
my powermac (from 1995) under MacOS 9.0 has the same feature but it needs to be *enabled* by the user! If one gets lots of calls from customers because an OS does something and the users do not know anything about it, this can be rather annoying. I guess there is no dialog asking for permission to enable this service, right? I was happy to hear about it as it provided me with information I can pass to customers. mike
So that's why you don't run SuSE Linux, or Mandrake, or RedHat, eh? All three of these systems install ntpdate by default.
Furthermore, Windows XP displays the internet time service tab right where I'd expect to find it - on the time and date control, and (god forbid) actually *makes you look* at the time and date control on installation. Yah, and comes with a sys-admin rights enabled default UID installed, together with a default password. Probably usefull to the remote support staff (that you can never hope to contact), or the rest of the world (and that's "don't call us, we'll call you -do-do-do-dooooo-do-d-do").
Sigh. Yo!
participants (12)
-
Alexander Reach -
Eric Brown -
Erwin Zierler - stubainet.at -
John Andersen -
John Trickey -
Michael Appeldorn -
Peter van den Heuvel -
Ray Dillinger -
Rick Green -
Steffen Dettmer -
Thomas Michael Wanka -
Zoran Cvetkovic