Hello...

Dino wrote:
> Well I am not sure if you would consider this a bug, incident, monitoring or
> a feature, but in Windows XP RC2 that we loaded this weekend
> I noticed that M$ has Network Time Client built to keep correct time.
>
> This is good so that we do not have to grab a 3rd party app and install it,
> but what is disturbing is take a guess as to what the "default" Time Server
> that gets used???
>
> time.windows.com !!!
>
>
> Well for every install M$ can monitor/track who is running XP that has a Net
> connection.

Microsoft already does this with their windows update. About the time the "this is done without sending any information to microsoft" message is displayed, the update server sends a DNS query for the reverse in-addr.arpa address.

I have a NAT setup. Linux for the desktop that also acts as an internal DNS server. I also have a machine for playing counter-strike that dual boots with MS windows98. I recently ran windows update, and got this in my logs (I had bind in querylog mode while I was testing some configs):

(wednesday is my machine name)

messages:Aug 19 11:00:00 wednesday named[590]: client 207.46.106.84#8535: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 19 11:00:00 wednesday named[589]: client 207.46.106.84#8535: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 19 11:00:00 wednesday named[590]: client 207.46.106.84#8535: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 19 11:00:57 wednesday named[590]: client 207.46.106.84#8699: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 19 11:00:57 wednesday named[589]: client 207.46.106.84#8699: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 19 11:00:57 wednesday named[590]: client 207.46.106.84#8699: query: 101.138.8.24.in-addr.arpa IN PTR

[chrismcc@wednesday log]$ host 207.46.106.84
84.106.46.207.in-addr.arpa. domain name pointer sjwu3dns1.windowsupdate.com.

I guess requesting information is not the same as sending it...

I just tried again:

messages:Aug 21 16:35:22 wednesday named[2987]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 21 16:35:22 wednesday named[2986]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 21 16:35:22 wednesday named[2987]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR

PIX log:

Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:31: %PIX-6-302005: Built UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:32: %PIX-6-302006: Teardown UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:32: %PIX-6-302005: Built UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:32: %PIX-6-302006: Teardown UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:32: %PIX-6-302005: Built UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:27 192.168.9.254 Aug 21 2001 16:35:36: %PIX-6-302006: Teardown UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53

> Yes you can simply pick another like my favorite
> "time-a.timefreq.bldrdoc.gov" and all is well, but that average user won't
> know this and may not even care, but they should ;)
>
> If you're real paranoid one can think well if the NTP is using
> time.windows.com what is stopping M$ from having some hidden app that can be
> communicated to once they grab the IP that queries their time server?!
>
> Thanks for listening
>
> Dino

--
Christopher McCrory
"The guy that keeps the servers running"
chrismccat_private
http://www.pricegrabber.com

I don't make jokes in base 13. Anyone who does should get help.
--Douglas Adams
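
Added example, not part of the original post: one way to pull the pattern shown in the logs above out of a BIND query log automatically, by grouping inbound PTR queries per client and source port and checking them against the firewall's "Built UDP connection" records. The log lines are copied from the post; the function names and regular expressions are this example's own.

```python
import re
from collections import defaultdict

# Log lines copied from the post above (laddr is redacted there as MY.INTER.NAL.IP).
NAMED_LOG = """\
messages:Aug 21 16:35:22 wednesday named[2987]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 21 16:35:22 wednesday named[2986]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR
messages:Aug 21 16:35:22 wednesday named[2987]: client 207.46.106.84#8478: query: 101.138.8.24.in-addr.arpa IN PTR
"""
PIX_LOG = """\
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:31: %PIX-6-302005: Built UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
Aug 21 16:35:22 192.168.9.254 Aug 21 2001 16:35:32: %PIX-6-302006: Teardown UDP connection for faddr 207.46.106.84/8478 gaddr 24.8.138.101/53 laddr MY.INTER.NAL.IP/53
"""

QUERY_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[\d.]+)#(?P<port>\d+): query: (?P<name>\S+) IN (?P<type>\S+)"
)
PIX_RE = re.compile(
    r"%PIX-6-302005: Built UDP connection for faddr (?P<ip>[\d.]+)/(?P<port>\d+) gaddr (?P<gaddr>[\d.]+)/53"
)

def ptr_to_ip(name):
    """Turn '101.138.8.24.in-addr.arpa' back into '24.8.138.101'; None if not an IPv4 PTR name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["in-addr", "arpa"] or len(labels) != 6:
        return None
    return ".".join(reversed(labels[:4]))

def inbound_ptr_lookups(named_log, pix_log):
    """Group PTR queries by (client ip, source port). 'count' is log lines, not distinct
    queries. Flag clients asking about the public address the firewall saw them reach."""
    fw_seen = {(m["ip"], int(m["port"])): m["gaddr"] for m in PIX_RE.finditer(pix_log)}
    hits = defaultdict(lambda: {"count": 0, "asked_about": set()})
    for m in QUERY_RE.finditer(named_log):
        target = ptr_to_ip(m["name"]) if m["type"] == "PTR" else None
        if target is None:
            continue
        rec = hits[(m["ip"], int(m["port"]))]
        rec["count"] += 1
        rec["asked_about"].add(target)
    return {
        k: {**v, "asks_about_own_gaddr": fw_seen.get(k) in v["asked_about"]}
        for k, v in hits.items()
    }
```
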
This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 21:55:04 PDT