NTP blocked; Alternatives to ntpd for updating time?

[unsynaps]

Well they're still saying they're blocking it on their web site. Fortunately I'm not one of their customers.

These are usually (99% of the time) just ports that are blocked INCOMING to the customers router. Not outgoing. They are to prevent the user from running these services on their network.

EDIT: Yeah. Open your eyes and read unsynaps. *facepalms self*.
That is really damned stupid to block NTP both way.

 

[RMerlin]

These are usually (99% of the time) just ports that are blocked INCOMING to the customers router. Not outgoing. They are to prevent the user from running these services on their network.

According tot hat page, they block both inbound and outbound NTP.

 

[john9527]

If they truly deliberately block it, then they are run by idiots, plain and simple.

Well, what they actually say is

Some aspects of Port 123 may be limited to minimize malicious use.

Sounds like they may have some type of denial of service protection or prevent you from running your own externally accessible time server?

 

[jarmka]

I'm not taking credit for anyone's code. What you are referring to is no longer publicly available; all I have asked is if the maker of the code would post it up again for the thread in which it previously existed was deleted.

 

[c84]

Well, what they actually say is


Sounds like they may have some type of denial of service protection or prevent you from running your own externally accessible time server?

That's what I mentioned, NTPD had a big flaw a few years back, it got fixed, but most probably could be due to dos. Like the SMTP was blocked by my previous ISP, due to avoiding trojans/viruses/botnets to send spam. This again was a huge issue back in the mid 2000's, when people used file-sharing programs to download MP3, Napster and so on. song.mp3.exe

 

[RMerlin]

Well, what they actually say is


Sounds like they may have some type of denial of service protection or prevent you from running your own externally accessible time server?

The paragraph above the table says that they are blocking it:

As noted above, AT&T blocks certain ports that transfer malicious or disruptive traffic to protect our customers and our network. Below is more information about port blocking that is currently in place. We may block additional ports in the future based upon threat assessments.

The denial of service they mention is more an explanation to back up their decision from what I understand. If what they truly do is just throttle or filter traffic, then they should update the document to states it so.

 

[ColinTaylor]

The paragraph above the table says that they are blocking it:

What they say and what they do quite possibly aren't the same (and might even be area specific?). If you look at the previous thread about this what they're actually doing is blocking outgoing UDP connections from port 123. So the workaround in that thread was to masquerade the source port to an ephemeral one.

 

[dugaduga]

Getting closer to a solution; found this online: https://askubuntu.com/questions/741298/how-to-get-datetime-using-curl-command However it does not appear to work properly inside Asus.

dateFromServer=$(curl -v --silent https://google.com/ 2>&1 \
   | grep Date | sed -e 's/< Date: //'); date +"%d%m%Y%H%M%S" -d "$dateFromServer"


or  Get the date from a HTTP response header. Remove clutter. Set the date.

 date -s `curl -I 'https://startpage.com/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`

 

[dugaduga]

A workable modification of this on a cronjob with nvram set ntp_ready=1 & nvram commit should remove all need for remote or local ntp servers!!!! Given the security risks posed by local ntp servers, something like this would be a great alternative.

 

[dugaduga]

using the aforementioned results in the following:

@Heyzeus:/tmp/home/root# date -s `curl -I 'https://google.com/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`
BusyBox v1.25.1 (2018-05-06 13:19:15 EDT) multi-call binary.

Usage: date [OPTIONS] [+FMT] [TIME]

Display time (using +FMT), or set time

[-s,--set] TIME Set time to TIME
-u,--utc Work in UTC (don't convert to local time)
-R,--rfc-2822 Output RFC-2822 compliant date string
-I[SPEC] Output ISO-8601 compliant date string
SPEC='date' (default) for date only,
'hours', 'minutes', or 'seconds' for date and
time to the indicated precision
-r,--reference FILE Display last modification time of FILE
-d,--date TIME Display TIME, not 'now'
-D FMT Use FMT for -d TIME conversion

Recognized TIME formats:
hh:mm[:ss]
[YYYY.]MM.DD-hh:mm[:ss]
YYYY-MM-DD hh:mm[:ss]
[[[[[YY]YY]MM]DD]hh]mm[.ss]
'date TIME' form accepts MMDDhhmm[[YY]YY][.ss] instead

and

@Heyzeus:/tmp/home/root# dateFromServer=$(curl -v --silent https://google.com/ 2>&1 \
> | grep Date | sed -e 's/< Date: //'); date +"%d%m%Y%H%M%S" -d "$dateFromServer"
'ate: invalid date 'Sat, 12 May 2018 18:49:18 GMT

 

[RMerlin]

You could also run your own NTP server at home I guess, and have your devices use that internal server. I never checked if there was such a daemon for Windows, there's a good chance that there's one.

 

[Twiglets]

http://www.timesynctool.com/

NetTime 3.14 runs on windows, works well.

 

[Fitz Mutch]

Configure Windows as NTP Server
https://www.snbforums.com/threads/yet-another-way-to-sync-your-routers-clock.37439/

 

[Vexira]

Wasn't there an not daemon project here on the forums that requires entware?

 

[Twiglets]

Wasn't there an not daemon project here on the forums that requires entware?

https://www.snbforums.com/threads/ntp-daemon-for-asuswrt-merlin.28041/

 

[Vexira]

https://www.snbforums.com/threads/ntp-daemon-for-asuswrt-merlin.28041/

Thank you sooo much, hopefully it might help the op.

 

[Twiglets]

Thank you sooo much, hopefully it might help the op.

Maybe .... maybe not !!!
I am currently installing it and there are some quirks/fixes.
I still cannot see the graphs changing.

It may be a better choice to use the NetTime Tool @ http://www.timesynctool.com/
I use it to provide a ntp fallback server for the router in case it cannot get on the internet.
It runs in the taskbar and 'Just works !!!'

 

[ColinTaylor]

The problem with the alternative NTP servers that have been suggested by @Twiglets and @Fitz Mutch is that they don't actually address the issue. The issue is not being able to (or not wanting to for security reasons) access external NTP servers. Pointing the router's NTP client to an internal server doesn't solve that because now there's just a different device using an external NTP server.

 

[Twiglets]

Sorry never read back through the thread just answered the question from Rmerlin & Vexira.

Quick google finds tlsdate (alternative source of time via tls timestamps !!!)

https://linux-audit.com/tlsdate-the-secure-alternative-for-ntpd-ntpdate-and-rdate/

[*Just* need to port it to ASUS Router OS.]

 

[RMerlin]

Pointing the router's NTP client to an internal server doesn't solve that because now there's just a different device using an external NTP server.

A computer's clock is more likely to stay accurate however, since the computer has a battery backed RTC. This is so it can set the clock for devices without a RTC, like routers.