1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

NTP blocked; Alternatives to ntpd for updating time?

Discussion in 'Asuswrt-Merlin' started by jarmka, May 10, 2018.

Thread Status:
Not open for further replies.
  1. unsynaps

    unsynaps Senior Member

    Joined:
    Nov 9, 2014
    Messages:
    249
    Location:
    Halethorpe, MD
    These are usually (99% of the time) just ports that are blocked INCOMING to the customers router. Not outgoing. They are to prevent the user from running these services on their network.

    EDIT: Yeah. Open your eyes and read unsynaps. *facepalms self*.
    That is really damned stupid to block NTP both way.
     
    dugaduga likes this.
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,475
    Location:
    Canada
    According tot hat page, they block both inbound and outbound NTP.
     
    dugaduga and jarmka like this.
  3. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,096
    Location:
    United States
    Well, what they actually say is
    Sounds like they may have some type of denial of service protection or prevent you from running your own externally accessible time server?
     
    dugaduga likes this.
  4. jarmka

    jarmka Occasional Visitor

    Joined:
    May 5, 2018
    Messages:
    36
    I'm not taking credit for anyone's code. What you are referring to is no longer publicly available; all I have asked is if the maker of the code would post it up again for the thread in which it previously existed was deleted.
     
    Evictoria and dugaduga like this.
  5. c84

    c84 Occasional Visitor

    Joined:
    May 10, 2018
    Messages:
    11
    Location:
    Europe, NO
    That's what I mentioned, NTPD had a big flaw a few years back, it got fixed, but most probably could be due to dos. Like the SMTP was blocked by my previous ISP, due to avoiding trojans/viruses/botnets to send spam. This again was a huge issue back in the mid 2000's, when people used file-sharing programs to download MP3, Napster and so on. song.mp3.exe ;)
     
    dugaduga likes this.
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,475
    Location:
    Canada
    The paragraph above the table says that they are blocking it:

    The denial of service they mention is more an explanation to back up their decision from what I understand. If what they truly do is just throttle or filter traffic, then they should update the document to states it so.
     
    dugaduga likes this.
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,628
    Location:
    UK
    What they say and what they do quite possibly aren't the same (and might even be area specific?):rolleyes:. If you look at the previous thread about this what they're actually doing is blocking outgoing UDP connections from port 123. So the workaround in that thread was to masquerade the source port to an ephemeral one.
     
    dugaduga likes this.
  8. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    190
    Getting closer to a solution; found this online: https://askubuntu.com/questions/741298/how-to-get-datetime-using-curl-command However it does not appear to work properly inside Asus.
    Code:
    dateFromServer=$(curl -v --silent https://google.com/ 2>&1 \
       | grep Date | sed -e 's/< Date: //'); date +"%d%m%Y%H%M%S" -d "$dateFromServer"
    
    
    or  Get the date from a HTTP response header. Remove clutter. Set the date.
    
     date -s `curl -I 'https://startpage.com/' 2>/dev/null | grep -i '^date:' | sed 's/^[Dd]ate: //g'`
    
     
    Last edited: May 12, 2018
  9. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    190
    A workable modification of this on a cronjob with nvram set ntp_ready=1 & nvram commit should remove all need for remote or local ntp servers!!!! :D Given the security risks posed by local ntp servers, something like this would be a great alternative.
     
    Last edited: May 12, 2018
  10. dugaduga

    dugaduga Regular Contributor

    Joined:
    May 12, 2018
    Messages:
    190
    using the aforementioned results in the following:
    and
     
  11. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,475
    Location:
    Canada
    You could also run your own NTP server at home I guess, and have your devices use that internal server. I never checked if there was such a daemon for Windows, there's a good chance that there's one.
     
  12. Twiglets

    Twiglets Regular Contributor

    Joined:
    Aug 15, 2014
    Messages:
    175
  13. Fitz Mutch

    Fitz Mutch Senior Member

    Joined:
    May 27, 2016
    Messages:
    471
    Location:
    Portsmouth
  14. Vexira

    Vexira Very Senior Member

    Joined:
    Jan 20, 2017
    Messages:
    1,628
    Location:
    Australia
    Wasn't there an not daemon project here on the forums that requires entware?
     
  15. Twiglets

    Twiglets Regular Contributor

    Joined:
    Aug 15, 2014
    Messages:
    175
  16. Vexira

    Vexira Very Senior Member

    Joined:
    Jan 20, 2017
    Messages:
    1,628
    Location:
    Australia
    dugaduga likes this.
  17. Twiglets

    Twiglets Regular Contributor

    Joined:
    Aug 15, 2014
    Messages:
    175
    Maybe .... maybe not !!!
    I am currently installing it and there are some quirks/fixes.
    I still cannot see the graphs changing.

    It may be a better choice to use the NetTime Tool @ http://www.timesynctool.com/
    I use it to provide a ntp fallback server for the router in case it cannot get on the internet.
    It runs in the taskbar and 'Just works !!!' :)

    upload_2018-5-13_13-31-39.png
     
    dugaduga likes this.
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,628
    Location:
    UK
    The problem with the alternative NTP servers that have been suggested by @Twiglets and @Fitz Mutch is that they don't actually address the issue. The issue is not being able to (or not wanting to for security reasons) access external NTP servers. Pointing the router's NTP client to an internal server doesn't solve that because now there's just a different device using an external NTP server.:rolleyes:
     
    Fitz Mutch and dugaduga like this.
  19. Twiglets

    Twiglets Regular Contributor

    Joined:
    Aug 15, 2014
    Messages:
    175
    dugaduga likes this.
  20. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    30,475
    Location:
    Canada
    A computer's clock is more likely to stay accurate however, since the computer has a battery backed RTC. This is so it can set the clock for devices without a RTC, like routers.
     
    Fitz Mutch likes this.
Thread Status:
Not open for further replies.