Allowing Windows Time Update

Discussion in 'LnS English Forum' started by SimonW, Oct 31, 2004.

Thread Status:
Not open for further replies.
  1. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    I'm using the enhanced ruleset and to allow Windows to update the date/time I created the following rule - it works correctly but can anyone with more experience just check a couple of things for me:

    1) I got the remote address of time.windows.com and put this in the destination ip section - is this IP dynamic? / could I have left this blank without making my PC any less safe?

    2) Do I need the source IP as equals my @ or again could I have left this blank without making my PC any less safe?

    3) There doesn't appear to be a specific 'time' application so I can't add an application to this rule - is it ok to leave enabled all the time - again without making my PC any less safe?


    Thanks
    SimonW
     

    Attached Files:

    • time.PNG
  2. Hazeleyze

    Hazeleyze Guest

    All I did was hit "update now" for my time. Went into the logs and looked for the time.windows.com entry. Right-click it and select Add Rule: UDP: Allow Port 123 client. Works like a charm.
     
  3. bloodscourge

    bloodscourge Registered Member

    Joined:
    Jul 3, 2004
    Posts:
    372
    Location:
    France
    ...or you can try Atomic clock sync with an embedded list of (non-Microsoft) time servers ;)

    just my 2 cents :p
     
    Last edited: Nov 2, 2004
  4. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Or you can use time.nist.gov, or specify any other server you want Windows to use.
     
  5. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Hazeleyze,
    Yes that's exactly what I did to start with - however:

    It's easy to right-click the log and create a new rule but at this point I've opened port 123, so I wondered if I could restrict the default settings.

    Therefore I changed it as described.

    I'm just trying to understand if the changes I've made have made it any more 'secure' as per my original 3 questions?
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi SimonW,

    Yes, it's better to refine the rule like you did.
    However I don't know if the IP could change.

    Yes, it's also better to put "equal my @" for the source IP.

    About the application, I suppose these requests are done by the system, perhaps through svchost or services applications.
    You can also try to refine rules in the Application Filtering part, by finding which one needs the UDP 123 (if you put the !! attribute for an application, the log will show you the port and IP used).

    Frederic
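
To make the difference between the log-generated rule and the refined one concrete, here is an added example (not part of the thread, and a simplified model rather than Look 'n' Stop's own rule engine) that checks constructed outbound packets against both rules and tests whether a pinned destination IP still matches what the time server name resolves to. All addresses are constructed documentation-range values, and `Packet`, `Rule`, `compare`, `resolve_ipv4` and `pinned_ip_is_stale` are hypothetical names.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Optional

# Constructed documentation-range addresses, not real hosts.
MY_ADDR, TIME_SERVER, OTHER_HOST, SPOOFED = (
    "192.0.2.10", "198.51.100.20", "203.0.113.5", "192.0.2.99")

@dataclass(frozen=True)
class Packet:                       # outbound datagram as a filter sees it
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "udp"

@dataclass(frozen=True)
class Rule:                         # None means the field was left blank
    dst_port: int
    dst_ip: Optional[str] = None
    src_ip: Optional[str] = None

    def allows(self, p: Packet) -> bool:
        if p.proto != "udp" or p.dst_port != self.dst_port:
            return False
        for want, got in ((self.dst_ip, p.dst_ip), (self.src_ip, p.src_ip)):
            if want and ipaddress.ip_address(want) != ipaddress.ip_address(got):
                return False
        return True

LOG_RULE = Rule(123)                                     # "Allow Port 123 client"
REFINED = Rule(123, dst_ip=TIME_SERVER, src_ip=MY_ADDR)  # SimonW's tightening

def compare(p: Packet) -> tuple:
    """(allowed by log-generated rule, allowed by refined rule)."""
    return LOG_RULE.allows(p), REFINED.allows(p)

def resolve_ipv4(host: str) -> set:
    """Current A records for host (needs network; not called on import)."""
    infos = socket.getaddrinfo(host, 123, socket.AF_INET, socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}

def pinned_ip_is_stale(rule: Rule, resolved: set) -> bool:
    """True if the rule pins a destination the name no longer resolves to."""
    return rule.dst_ip is not None and rule.dst_ip not in resolved

if __name__ == "__main__":
    print("time sync      ", compare(Packet(MY_ADDR, TIME_SERVER, 123)))
    print("other host :123", compare(Packet(MY_ADDR, OTHER_HOST, 123)))
    print("foreign source ", compare(Packet(SPOOFED, TIME_SERVER, 123)))
```

With the rule's real pinned address in place of the constructed one, `pinned_ip_is_stale(rule, resolve_ipv4("time.windows.com"))` returning True means the name has moved away from the pinned IP and the rule's destination needs updating.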
     
  7. SimonW

    SimonW Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    115
    Location:
    Leicester, UK
    Many thanks for the feedback Frederic :)


    SimonW
     