[Dshield] Time stamp accuracy

Johannes B. Ullrich jullrich at sans.org
Wed Oct 6 20:40:47 GMT 2004


I am currently working on improvements to our report accuracy.
One important issue is the time stamp accuracy. Many computer
clocks are not exactly accurate.

For quite a while, there is a somewhat hidden page on our site
that will assist you (and us) in determining if your clock is
setup right and your timezone is configured correctly. 

If you go to http://www.dshield.org/timestamp.php, the server
will send a packet to your system on port 10000-10100. Hopefully,
this packet will get blocked by your firewall, and later it 
will be reported to our database as you submit your reports.

Once we got this report, we can compare the time you report to
the time we sent the packet, and you will receive an email with
the result.

I just redid this page to enable better logging and to fix some 
display issues. If you have a second, please go to the URL
and let me know if you receive an e-mail with a result.

Couple notes:
Of course, this will only work if the packet is blocked by your
firewall and reported. Proxy servers may confuse the page, and
you have to access it from a client behind your system.

About time synchronization:
Keeping your clock in sync is not all that hard. There are a number
of applications to help. Windows XP includes a function to synchronize
your time with a standard time server. To configure it, select
"Date & Time" in your Control Panel, select the "Internet Time" tab,
and pick a time server (time.windows.com is the default).

For details relating to Windows XP and 2000, see
http://www.boulder.nist.gov/timefreq/service/pdf/win2000xp.pdf

In Unix, 'ntp' is typically the preferred time sync application.

For older windows versions, there are a number of third party time
synchronization clients.

Note that we do not look for microsecond precision. Typically,
+/- 1 minute is good enough for us and easily achieved.




-- 
----------------------------------------------------------------
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 639 5000                          jullrich at sans.org 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20041006/8a68980a/attachment.bin


More information about the list mailing list